Security researcher Jose Rodriguez has discovered a new vulnerability in iOS that allows attackers to bypass a secured iPhone lock screen and access notes.
The security flaw, which is present and works on iOS 14.8 and iOS 15, was recently demonstrated by Rodriguez on his YouTube channel. To bypass the lock screen of the iPhone, Rodriguez first asks Siri to activate VoiceOver and navigates to Notes in the Control Center. As expected, a new note field appears without the user's content visible.
Attacker can export notes
By opening the Control Center again, Rodriguez selects the stopwatch and opens it. After some trickery, he can select the previously opened Notes app using VoiceOver. Instead of an empty note, iOS now grants access to the entire notes database including stored content, which in the example case includes a note with text, an audio recording, an HTML link, a contact card and more. Rodriguez then uses VoiceOver's rotor to select the note and copy it to a second iPhone for export. The target device is then called from a second iPhone. The attacker can now reject the call and paste the copied text into their own message reply. Alternatively, the text can also be pasted into Messages when a second device sends an SMS or iMessage to the target iPhone.
Password-protected notes remain unaffected by the vulnerability
Although the vulnerability is of course dangerous, an attacker cannot easily exploit it. Several other requirements must be met. The attacker needs physical access to the iPhone. In addition, Siri must be activated, the Control Center must be available on the lock screen, and Notes and Stopwatch must have been added to the Control Center. The attacker must also know the phone number of the potential victim. So the vulnerability is dangerous, but exploitation can be easily prevented. It remains to be seen when Apple will fix the issue with a software update.
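
For managed devices, two of the prerequisites above (Siri and the Control Center on the lock screen) map to the keys allowAssistantWhileLocked and allowLockScreenControlCenter in Apple's Restrictions payload. The following check is an added example, not part of the original article: it reads an unsigned .mobileconfig profile and reports which of the two remain enabled. The sample profiles and their identifiers are constructed placeholders.

```python
import plistlib

# Apple Restrictions payload keys for two of the prerequisites listed above.
# An absent key defaults to True (feature allowed).
LOCK_SCREEN_KEYS = {
    "allowAssistantWhileLocked": "Siri usable on the lock screen",
    "allowLockScreenControlCenter": "Control Center usable on the lock screen",
}
RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def lock_screen_findings(profile_bytes):
    """Return the prerequisites a .mobileconfig profile leaves enabled."""
    profile = plistlib.loads(profile_bytes)
    effective = {key: True for key in LOCK_SCREEN_KEYS}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in LOCK_SCREEN_KEYS:
            if key in payload:
                # If several payloads set a key, the most restrictive wins.
                effective[key] = effective[key] and payload[key] is True
    return [LOCK_SCREEN_KEYS[k] for k, allowed in effective.items() if allowed]


def sample_profile(**restrictions):
    """Build a constructed profile; all identifiers are placeholders."""
    payload = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadIdentifier": "com.example.restrictions",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
    }
    payload.update(restrictions)
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.lockscreen",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    })


if __name__ == "__main__":
    weak = sample_profile(allowAssistantWhileLocked=True)
    hardened = sample_profile(allowAssistantWhileLocked=False,
                              allowLockScreenControlCenter=False)
    for name, data in (("weak", weak), ("hardened", hardened)):
        print(name, lock_screen_findings(data) or "no lock-screen exposure")
```

A profile that sets only one of the two keys is still reported, because the key it omits falls back to its default of allowed.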