Vulnerabilities in Parental Controls feature in iOS 13.3 Can Easily Communicate Bypassing Controls
Apple has enhanced parental controls in the latest official version of iOS 13.3, allowing parents to remotely load contact lists on their children ’s devices or restrict communication. Originally, these functions were to prevent children from over-communicating with some people they knew or did not know. For parents, these new functions are still very useful. However, shortly after the release of this version, it was discovered that there were security loopholes that could be bypassed. After the bypass, the child could still communicate without restriction and not be affected.
“iPhone 11 / iPhone 11 Max / iPhone 11R / iOS 13 Concept” by Ran Avni is licensed under CC BY-NC-ND 4.0
After the user starts the parental control function, under normal circumstances, without the permission of the parent, the child can only communicate with the stored contacts. It is interesting that when the child receives a message from an unknown contact, the system will pop up a prompt to tell the child that this is restricted, but the system will also provide new options. This option will guide the child to store the unknown contact in the address book. In principle, the storage operation cannot be performed without the parent’s password. However, the potential erroneous process causes the child to store contacts in the iCloud account. In this case, the storage can bypass the control for unlimited communication.
After a media report, Apple issued a short statement indicating that the company has confirmed the existence of the problem and is currently investigating the cause of the problem and developing a fix. However, Apple did not apologize for this mistake. Usually, Apple will apologize for this error. In addition, the media mentioned that there are other shortcomings in the parental control function. When the child has an Apple Watch and is paired with the iPhone, the restrictions can be bypassed. Children can send any text message or make any phone calls directly from Siri on the watch, so they are not restricted by the communication function controlled by parents.
Via: Thurrott
