Canadian technical consultant Ade Barkah is having quite a bit of fun with his locked iPhone 4, which he tricked into disclosing his address book contacts’ information, and even initiate FaceTime calls.
“Had this been my jealous girlfriend probing my locked phone, I would’ve been totally busted!” he writes
Ade makes a detailed entry, complete with screenshots and relevant examples of how anyone can exploit this vulnerability on their Apple handset.
He shows a screenshot of his iPhone’s lock setup screen. He disables Voice Dial, but he carefully outlines that “a fine print on the setup screen above notes that ‘iPod Voice Control is always enabled’ so it can still be used to play songs, etc.”
This is where a “restricted” device can be tricked into leaking some private info. The process is fairly simple.
You “slide to unlock” but instead of entering the passcode, hit the “Emergency Call” button, at which point the special emergency call screen appears.
With this screen showing, the person using the phone can bring up Voice Control and pronounce a random name that hopefully matches a contact in the iPhone owner’s address book.
Ade offers several examples, including one where he asks to call someone named Alice, even though he doesn’t have anyone with that name in his Address Book.
That’s still a valuable leak of information, he claims.
“Actually, that response in itself, my friends, is already a leak. Voice Control reveals that I don’t have a contact named “Alice” in my Contacts. One leaked privacy bit,” he writes.
He then proceeds to offer an example where he does find a match in the Address Book.
“Just to test, let’s try with someone who’s actually in my address book, my friend Wayland. I bring up Voice Control again from the Emergency Call screen and say ‘call <Wayland>’.”
“Wow, it tries to dial out! Although the call fails to actually connect, the screen reveals Wayland’s full name and that I have his mobile number. Not a huge deal, but more leaked bits!” the tech writer says.
Sure enough, the same method can be applied to complete a call from the locked phone. The key to achieve this is FaceTime, Apple’s video calling service, Ade reveals.
“…the FaceTime calls from my locked iPhone successfully connected and I was able to see + converse with the other party,” he confirmed.
“While the iPhone attempts to connect the FaceTime call, it will show the contact’s profile picture if any,” Ade explains. “So a stranger using your iPhone could possibly see pictures of your contacts even if they do not have FaceTime enabled,” he concludes.
It is unclear whether Apple has been formally notified of this bug. Nonetheless, we should see it patched in the next iOS release.