Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Group FaceTime for iOS exposes users’ full contact info

November 9, 2018

By Bradley Barth

A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users' contact information.

The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his technique, which he posted online.

The "hack" works by calling one person's iPhone from another iPhone, then upon connection launching the FaceTime video call option and selecting "Add Person" from the menu. Doing so will reveal to the attacker the other phone's full contact list. Using the 3D Touch option on each contact reveals even more information.

The Hacker News reports that Rodriguez has previously uncovered other iPhone passcode bypass hacks, including two that leverage Siri and the VoiceOver screen reader in iOS versions 12 and 12.0.1, respectively.

Apple's last update to iOS version 12.1 included fixes to 32 vulnerabilities found in a number of features and components, including AppleAVD, Contacts, CoreCrypto, FaceTime, the Graphics Driver, ICU, IOHIDFamily, IPSec, the Kernel, Messages, NetworkExtension, Notes, Safari Reader, Security, VoiceOver, WebKit and WiFi. However, a new update to address this apparent oversight in FaceTime may soon be in order.

SC Media has contacted Apple for comment.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Learn More

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Keeping modern customer support tools secure

Identity

Killing CAPTCHA: Blueprint for a more secure and frictionless future

Paul WagenseilMarch 24, 2025

The old CAPTCHA method of verifying human website visitors is clunky, inefficient and annoying. Here's how websites can smoothly and seamlessly establish user humanity.

Encryption

Hidden flaws exist in millions of RSA digital certificates

Paul WagenseilMarch 13, 2025

Keyfactor research finds that about 18% of RSA-based digital certificates have flaws ranging from trivial to very serious. A new tool promises to find them.

Encryption

You need to prepare for post-quantum cryptography now. Here’s why

Paul WagenseilMarch 12, 2025

Quantum computers could arrive any day, yet it'll take years to swap out vulnerable encryption algorithms for "quantum-safe" replacements. Here's why and how to start the transition now.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news