A bug has been found in Apple’s latest version of the iOS mobile operating system which allows anyone access to the Photos folder on your iPhone.
The bug which has been first reported by YouTube channel iDeviceHelp, affects iOS 11.0.3 (the newest version of Apple’s mobile operating system for general public), and iOS 11.1 beta (the preview version of the mobile operating system that Apple made available to developers this month).
If an iPhone user has the target device in their possession and knows the device’s phone number or Apple ID, then they could exploit what appears to be a vulnerability in iOS to gain access to the photos saved on the victim’s iPhone.
So how does it work?
The attacker may give the victim a FaceTime Audio call, however, instead of accepting or rejecting the call, the attacker taps the “Message” button and selects the Custom option. Tapping on Custom option prompts the Message app to open, after which the attacker is required to randomly select three emoji characters.
Once this has been completed, the attacker hangs up the FaceTime call, and taps the Home button to trigger Siri and ask it to open Settings. At this point, Siri will ask the attacker to unlock the victim’s iPhone.
iDeviceHelp notes that the attacker now needs to press the power button to put the phone in sleep mode.
After this is done, the attacker needs to make another FaceTime Audio call from their iOS device to the victim’s handset. Once the victim’s device gets the call notification, they need to tap the Message button again and then select “Custom” setting.
At this point, iDeviceHelp indicates, that the attacker will find that they have complete access to Message app, and they can open the Photos folder and select and send any images from the victim’s device.
While we wait for Apple to fix the glitch, you could potentially try to disable Siri access from lock screen as a stop-gap solution to prevent anyone from accessing their device’s data. As mentioned above, both the attacker and victim need to be using an Apple device, as the exploit requires the outgoing message to be an iMessage, and not a regular SMS.
