Apple released the iOS 12.1 update on Tuesday and almost as soon as it did it a security researcher from Spain discovered that there is a bug capable of exploiting Facetime group calls. This bug allows anyone the possibility of viewing an iPhone user’s contact information without the need for a passcode.
The iOS exploit was discovered by Jose Rodriguez who first sent the information to The Hacker News. Then, he uploaded a video to YouTube in which he demonstrated how the passcode bypass works and, according to Gizmodo, it seems to be the case that all the conditions outlined by him to be legitimate.
Someone who doesn’t have the best intentions and finds himself or herself in physical possession of your phone they are targeting would have a few options of viewing your contact information. They can either call the phone from another iPhone or perform a call with the phone itself. When the call connects they would select the Facetime app, tap ‘add person’, select the ‘plus’ icon and start scrolling through the contacts.
By using the 3D touch on a name they would view all contact information stored inside the app. If you’re wondering just how it is possible to do that, find out that you can perform calls without entering passcodes
You can do it by either asking Siri to do it and if they don’t know the phone number they can just say ‘call my phone’. After Gizmodo tested these ways with both a stranger’s voice and the owner’s voice, it resulted that Siri would do this with no problem.
It sounds worse than it is and if a random hacker would do this, they would encounter some problems to clear in order for this to function. Still, it would still pose some problems for users, so it is better to avoid handing your phone over to strangers.