
How to Prevent Theft of iPhone Notes via iOS Vulnerability

On iOS 15 launch day, a security researcher reported a vulnerability that allows an attacker to bypass the lock screen and access notes on iPhones running the latest iOS updates (iOS 14.8 and iOS 15).

The vulnerability affects the Control Center, which manufacturers make accessible even when the screen is locked. The attack involves two stages. First, the hacker asks Siri to enable VoiceOver, which reads screen descriptions aloud and allows users to interact with the device by voice. This allows Notes to be opened from Control Center (while the information remains hidden). Second, the cyber criminal opens Stopwatch from Control Center and swipes a few times until VoiceOver suggests opening Notes. After the command is complete, all notes are displayed on the screen. The hacker can then send a particular note to another device if the victim’s phone receives a call from them and auto-replies in the required format.

To succeed, a hacker must have physical access to the smartphone and know the victim’s phone number. The phone must also have Siri switched on and be connected to the Internet, and the Control Center (with Notes and Stopwatch) must be accessible from the lock screen. The hacker can exploit the vulnerability only if all of these conditions are met.

To protect your device, keep it to yourself, do not provide your phone number to unreliable sources, and follow basic cyber hygiene rules. One key precaution is to limit access to apps you do not use by removing their icons from the Control Center.
