What you need to know
- Someone with access to your iPhone could access your contacts.
- The process is complex.
- The issue has already been reported to Apple.
New bugs are to be expected when software is in the beta phase, but a new one found in iOS 13 could give someone access to your contacts. They'll need to go through some pretty convoluted steps, but if they're left alone long enough it's definitely doable.
The issue was first spotted by Jose Rodrigues who took to YouTube to share the process in full. The folks at AppleInsider have also been able to replicate it, too.
The process itself needs the attacker to know your phone or FaceTime details and then initiate a call. Then they respond with a custom message rather than answering the call. From that message screen they then invoke Siri and enable VoiceOver before then disabling it again. When they return to the message composition screen they can then add contacts and thus see their details as well.
None of that is a quick process – the video runs for almost two minutes – but it does show that it is possible. Rodrigues has already reported it to Apple and we'd expect it to be fixed soon, if it isn't already. They also found a similar flaw in iOS 12 last year which allowed people to access a device's photos and contacts. Apple subsequently patched that, too.
The iPhone 11 and iPhone 11 Pro ship next week with iOS 13 pre-installed. If the fix isn't already there it's likely an iOS 13.0.1 update will follow very shortly.