iOS VoiceOver Vulnerability Allows Unauthorized Access to Photos

Just a week ago, we reported that security researcher Jose Rodriguez discovered a way to bypass the iOS lock screen and access personal information. That method allowed someone to view a user’s contacts and all their photos. The issue was related to the VoiceOver feature—a mode designed for visually impaired users, where the phone reads aloud the information displayed on the screen when tapped.

Now, according to Apple Insider, Rodriguez has continued his research and found another problem associated with VoiceOver. He demonstrated how to exploit this bug in a video, which you can see below.

How the Exploit Works

This time, the attacker needs to call the victim’s phone number (if the attacker doesn’t know the number, they can ask Siri for it) and select the “Answer by SMS” option on the target device to reply to the call with a text message. After choosing a custom message as the reply, the attacker should type any text in the provided field and, most importantly, ask Siri to activate VoiceOver.

Next, the attacker selects the camera icon and double-taps the screen while simultaneously invoking Siri. Apparently, this step causes a system conflict. Although the attacker will only see a black screen, the bug has worked, and as shown in the video, access to the user’s photos is now possible. Swiping left opens the Photo Library, and selecting a photo with a double-tap returns the attacker to the Messages screen. As a result, the attacker can not only view the victim’s images but also send them to themselves.

Affected Devices and Protection

According to the researcher, this issue affects all current iPhone models, including the X and XS, running the latest iOS 12.0.1. Apple will likely fix the vulnerability in an upcoming system update.

To protect your device from such vulnerabilities, simply disable Siri on the lock screen (“Settings → Face/Touch ID & Passcode → Siri”) or at least turn off the “Reply with Message” option in the same menu.