iOS 12.1 supposedly brings new features such as Group FaceTime, over 70 new emojis, Depth Control in real-time preview and dual-sim support to the new iPhone models, but it may have overlooked the security in FaceTime, allowing hackers to gain information on locked iPhones.
First of all, the hacker need to use an iPhone to call your iPhone because it requires the FaceTime feature. Then, when the hacker uses your locked iPhone to answer the call, he/she will first need to tap the FaceTime option and then the ellipsis (•••) icon. Then, by tapping on “Add Person” followed by the (+) icon, he/she will have access to all your contacts on your iPhone which includes whatever data you have filled for your contacts.
The flaw is of significance because it allows people to get contacts data without needing the iPhone owner’s Face ID or Touch ID which is a clear breach of privacy. Also, this hack is only achievable with 3D Touch, which is a relief for the iPhone XR, iPhone SE and iPhone 6 users.
Apple should be well aware of the issue by now and should come up with the bug fix soon, not to mention that the company has already released a beta version of 12.1.1.