szilak.com

Locked iPhone Saved Contact Confirmation

<2025-09-18>

Summary

It is possible to confirm whether a Phone Number/Email is saved in a locked iPhone (after first unlock) by using Spotlight Search.

PoC: https://youtube.com/shorts/011jq9SN6MA

Prerequisites

Physical access to a locked iPhone in its default configuration, after first unlock. This includes devices with Lockdown Mode (https://support.apple.com/en-us/105120) enabled.

Steps to Reproduce

  1. Use Spotlight Search to search for a Phone Number (with the proper country code, e.g., +36 for Hungary) or an Email Address.
  2. If the Phone Number/Email Address is in the Contact List, there will be no option to Call/Email them (only the Safari search option shows up).

Exploitation

Saved Contact Info (Phone Number ending in 37, Email ending in 02@gmail.com):

IMG_3734.PNG

Only Safari Search shows up when a Saved Contact is hit:

IMG_3735.PNG

Add Email shows up when an Unsaved Contact is hit:

IMG_3736.PNG

It's the same with Phone Numbers…

Phone Number is SAVED IN Contact List:

IMG_3737.PNG

Phone Number is NOT saved in Contact List:

IMG_3738.PNG

Possible Remediation: Only show Add Number/Email option after unlocking the device to avoid Contact Information Disclosure.
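
The remediation above can be written as a regression check: on a locked device, the list of actions offered for a query must not depend on what is in the Contact List. This is an added example, not code from the original page or from Apple; the function names, the action labels as strings, the assumed unlocked behaviour, and the sample data are constructed for illustration.

```python
# Hypothetical model of the behaviour described on this page; not Apple's code.
SAFARI = "Search in Safari"


def add_action(query):
    # The page names "Add Email" and "Add Number" as the options in question.
    return "Add Email" if "@" in query else "Add Number"


def observed_actions(query, contacts):
    """Behaviour reported on the page: the Add option appears only for
    entries that are NOT saved, so its absence confirms a saved contact."""
    if query in contacts:
        return [SAFARI]
    return [SAFARI, add_action(query)]


def remediated_actions(query, contacts, locked):
    """Proposed remediation: offer the Add option only after unlock.
    Assumption: the unlocked behaviour stays as observed."""
    if locked:
        return [SAFARI]  # same answer whatever the Contact List holds
    return observed_actions(query, contacts)


def leaks_membership(actions_fn, queries, contact_sets):
    """True if, for any query, the offered actions vary with the contact
    store, i.e. the UI can be used to tell saved from unsaved entries."""
    for query in queries:
        outcomes = {tuple(actions_fn(query, c)) for c in contact_sets}
        if len(outcomes) > 1:
            return True
    return False


# Constructed sample data (not real contact details).
QUERIES = ["+36000000037", "sample02@example.com"]
CONTACT_SETS = [frozenset(), frozenset(QUERIES[:1]), frozenset(QUERIES)]


def locked_view(query, contacts):
    return remediated_actions(query, contacts, locked=True)


def unlocked_view(query, contacts):
    return remediated_actions(query, contacts, locked=False)


if __name__ == "__main__":
    print("observed:", leaks_membership(observed_actions, QUERIES, CONTACT_SETS))
    print("remediated, locked:", leaks_membership(locked_view, QUERIES, CONTACT_SETS))
```
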

Response

Screenshot 2025-09-18 at 12.54.31.png
  • Haha it's just intentional behavior if u want securti✨ just disable the function and get fkd retard
szilak.com by Mate Szilak is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.