Continue reading...In the iOS update released the other day, number 12.1, a vulnerability was discovered that allows physical access to the iPhone to get a list of all contacts without having to unlock it.
To get the list of contacts, you need to call the Siri voice assistant on the locked screen and initiate a call to a contact with it. The call is then transferred to FaceTime, which now supports group calls for up to 32 people.
Using the menu to add a new user to the current FaceTime call, an attacker can view the full list of contacts on the device, as well as get detailed information about any contact using 3D Touch technology.
To protect themselves against the detected vulnerability, iPhone users with iOS 12.1 should disable Siri on the locked screen in the corresponding option, which is located in the “Siri and Search” settings.