Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Group FaceTime for iOS exposes users’ full contact info


A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users' contact information.

The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his technique, which he posted online.

The "hack" works by calling one person's iPhone from another iPhone, then upon connection launching the FaceTime video call option and selecting "Add Person" from the menu. Doing so will reveal to the attacker the other phone's full contact list. Using the 3D Touch option on each contact reveals even more information.

The Hacker News reports that Rodriguez has previously uncovered other iPhone passcode bypass hacks, including two that leverage Siri and the VoiceOver screen reader in iOS versions 12 and 12.0.1, respectively.

Apple's last update to iOS version 12.1 included fixes to 32 vulnerabilities found in a number of features and components, including AppleAVD, Contacts, CoreCrypto, FaceTime, the Graphics Driver, ICU, IOHIDFamily, IPSec, the Kernel, Messages, NetworkExtension, Notes, Safari Reader, Security, VoiceOver, WebKit and WiFi. However, a new update to address this apparent oversight in FaceTime may soon be in order.

SC Media has contacted Apple for comment.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.