Dan Pražák Testing beta versions of systems has both bright and dark sides. It is tempting to try out all the new features before they are released, but on the other hand, testers and developers are exposed to the risk of serious security flaws. This is not the case with Apple and its new iOS 13 and iPadOS systems, where a bug has been discovered that allows you to view all passwords, emails and usernames stored on the device without the need for authorization.
The error affects users who use the Keychain feature on their iPhone or iPad. This allows you to save all saved passwords and subsequently offers the function of automatic filling and logging in to applications and websites after user authentication via Touch ID or Face ID.
It could be interest you
Petr Škuta Saved passwords, usernames and emails can also be viewed in Settings, in the section Passwords and accounts, specifically after clicking on the item Website and application passwords. Here, all stored content is displayed to the user after appropriate authentication. However, in the case of iOS 13 and iPadOS, authentication via Face ID/Touch ID can be easily bypassed.
Exploiting the error is not at all complicated, all you have to do is repeatedly click on the mentioned item after the first unsuccessful authorization, and after several attempts the content will be completely written out. A sample of the described procedure can be found in the video from the channel attached below iDeviceHelp, who discovered the error. After hacking, both the search and the display of information about which website/service/application the given username and password are assigned to are available.
However, it should be noted that the bugs can only be exploited if the device is already unlocked. Therefore, if you have iOS 13 or iPadOS installed and you lend your iPhone or iPad to someone, do not leave the device unattended. After all, that's why we're pointing out the error - so that you, as testers of new systems, take extra care.
Apple should rush the fix in one of the next beta versions. However, one of the discussants on the server 9to5mac notes that Apple already pointed out the error during the testing of the first beta, and although the engineers asked for detailed information, they were unable to fix it even after more than a month.
Apple warns all developers and testers who participate in its system testing program that beta versions may contain errors. Anyone who installs iOS 13, iPadOS, watchOS 6, tvOS 13 and macOS 10.15 must therefore reckon with a possible security threat. For this reason, Apple strongly advises against installing systems for testing on a primary device.
