New hack bypasses iPhone's lock screen on iOS 12

Think the contacts and photos on your iPhone are secure from prying eyes? Think again.
By Stan Schroeder  on 
New hack bypasses iPhone's lock screen on iOS 12
Phone locked? No problem. Credit: Lili Sams/Mashable

Apple's iPhone is advertised as a highly secure device, which is why it's a bit funny when someone easily beats its security shortly after a major new version of iOS is released.

A YouTube video posted last week alleges that it's possible to bypass the lock screen of an iPhone running iOS 12 without knowing the password, and access both contacts and photos.

The process, discovered by security researcher Jose Rodriguez, is a bit convoluted and requires invoking Siri to enable Voiceover, then sending a text message from another phone to the iPhone. Then, a double-tap at the right moment grants you access to features and commands you shouldn't be able to access, invisible behind a white screen but still accessible by swiping across the screen. One of these then enables you to access the phone's contacts, while a more complicated hack (but also doable without any special equipment or expert knowledge) lets you access photos on the phone.

The original video, in Spanish, shows the trick working on what looks like the iPhone 8, but the same technique was recreated on an iPhone XS Max in another (English) video by EverythingApplePro, below. Apparently, the bug is present in iOS 12 (and the iOS 12.1 beta) and works on all Apple devices that can run it.

An attacker would definitely need physical access to the phone and some time with it to perform this hack, so it's not something that could happen while the iPhone is in your pocket. Furthermore, the trick does not give you complete control of the locked phone. But being able to gain unauthorized access to contacts and photos is a serious security issue on its own.

Naked Security points out that it's possible to protect your iPhone from this hack by disabling Siri's lock screen access; the option to do that can be found in Settings > Face ID & Passcode.

Rodriguez has been doing this sort of thing for a while now. I wrote about a similar hack he's done in iOS 9 back in 2016, but judging by his YouTube channel he's been cracking the iOS lock screen since iOS 5.1.

We've asked Apple about this issue and will update the article when we hear from them.

Stan Schroeder
Stan Schroeder
Senior Editor

Stan is a Senior Editor at Mashable, where he has worked since 2007. He's got more battery-powered gadgets and band t-shirts than you. He writes about the next groundbreaking thing. Typically, this is a phone, a coin, or a car. His ultimate goal is to know something about everything.


Recommended For You



When is the last day to file taxes?
A person at their computer holding a note that reads "tax time."

40+ of the best outdoor deals during Amazon's Big Spring Sale
Solo Stove pizza oven and other outdoor gear in truck bed

More in Tech

What will happen when the next supervolcano erupts, according to NASA
The view from the International Space Station as the Raikoke volcano erupts in 2019. (Not a super-eruption; such an event hasn't happened in modern history.)

The internet is freaking out about reheated rice. Should you be worried?
A man reheating rice

CERN's Large Hadron Collider is looking for dark photons. But... why?
one of the LHC particle accelerator's tunnels


Trending on Mashable
NYT Connections today: See hints and answers for March 28
A phone displaying the New York Times game 'Connections.'

Wordle today: Here's the answer and hints for March 28
a phone displaying Wordle

NYT's The Mini crossword answers for March 28
Closeup view of crossword puzzle clues

NYT Connections today: See hints and answers for March 27
A phone displaying the New York Times game 'Connections.'

The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!