A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users’ contact information.
The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his technique, which he posted online.
The “hack” works by calling one person’s iPhone from another iPhone, then upon connection launching the FaceTime video call option and selecting “Add Person” from the menu. Doing so will reveal to the attacker the other phone’s full contact list. Using the 3D Touch option on each contact reveals even more information.
The Hacker News reports that Rodriguez has previously uncovered other iPhone passcode bypass hacks, including two that leverage Siri and the VoiceOver screen reader in iOS versions 12 and 12.0.1, respectively.
Apple’s last update to iOS version 12.1 included fixes to 32 vulnerabilities found in a number of features and components, including AppleAVD, Contacts, CoreCrypto, FaceTime, the Graphics Driver, ICU, IOHIDFamily, IPSec, the Kernel, Messages, NetworkExtension, Notes, Safari Reader, Security, VoiceOver, WebKit and WiFi. However, a new update to address this apparent oversight in FaceTime may soon be in order.
SC Media has contacted Apple for comment.