iOS 15: Disgruntled researcher exposes iPhone lockscreen bypass
New iPhone lockscreen bypass abuses Siri functionality to access Notes content
A security researcher has published details of a new lockscreen bypass technique that can be used to access iPhone content without supplying a passcode or other form of authentication.
The technique abuses quirks in Apple’s Siri and VoiceOver services and could allow an attacker to retrieve information stored in the iPhone Notes app, in which users have been known to store account credentials and other sensitive information.
In a tweet published last week, researcher Jose Rodriguez explained the vulnerability is present in iOS 14.8 and the pre-launch iOS 15 release candidate. He has since also confirmed that the public iOS 15 build, which arrived yesterday, suffers from the same problem.
Apple bug bounty controversy
According to Rodriguez, the decision to disclose the iPhone bug on iOS 15 launch day was a very deliberate one, made in protest of the standard of the Apple bug bounty program.
This is the second time Rodriguez has discovered an iPhone vulnerability of this sort. In a previous instance, he reported the issue directly to Apple, but was unimpressed by the way in which the company handled his disclosure and the compensation he received.
“Apple values reports of issues like this up to $25,000,” he wrote, in reference to the latest vulnerability. “But for reporting a more serious issue I was awarded with $5,000.”
In a later tweet, he explained he had decided to disclose the new vulnerability publicly “in hopes Apple realizes it is being tightwad rewarding security bug reports, and reconsider the bounties (sic)”.
This is not the first time in recent weeks the company’s bug bounty program has come under fire. Earlier this month, reports emerged of a massive backlog of unfixed bugs and general frustration among security professionals who have engaged with Apple.
TechRadar Pro has asked Apple for comment on the criticisms of its program, but the company is yet to respond.
Via The Record
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.