José Rodriguez 's shoulder attacks are complex, each with Siri, Apple' s VoiceOver screening capability, and several steps of the Notes application. Both methods work on iPhones running the latest version of iOS (including biometric IDs or models with face IDs).
Of the two videos of Rodriguez's Spanish version of the YouTube channel, the first one explains a vulnerability that allows a potential attacker to bypass Face ID and Touch ID security protocols.
By demonstrating this process, Rodriguez enables VoiceOver through Siri 's query. From there call the target iPhone with another device and press the "message" button in the displayed call dialog to create a custom text message. Upon entering the message, Rodriguez moves the text selector to the "+" sign, adds another contact, sends the SMS to the target iPhone using the secondary device, and displays a notification. If you double-click the target iPhone screen while the notification is displayed, there seems to be a conflict with the iOS user interface.
Rodriguez AppleInsider The second device needs to bypass.
The screen will be empty, Siri will be reactivated again and invalid immediately. Although the screen remains empty, the text box of VoiceOver may access the Message User Menu at first glance. By referring to the available options and choosing "Cancel", the original message screen will be displayed and a malicious user can add a new recipient. When you select a number from the soft keyboard, the contact number that contains the telephone number you recently dialed or received and the metadata associated with that number is displayed.
In addition, if there is an "i" button or information next to each entry in the displayed contact number or number, you can access the entire address book. Once you disable VoiceOver in Siri and press the "i" icon, contact information will be displayed. When you execute a 3D touch gesture with a contact avatar, the options "Phone", "Message", "Add to Existing Contact", or "Create New Contact" are displayed. Selecting the latter will display a complete list of contacts.
Finally, the pictures are recoverable again …
Hope you like the news Complex iOS passcode bypasses grant access to iPhone Contacts and Photos. Stay Tuned For More Updates 🙂