One of the great things about the Apple’s iOS mobile operating system is the native ability to be able to set certain restrictions on the device that prevent users from performing certain tasks. The restrictions options, which are accessible through the General menu of the Settings app on the device, are similar to parental controls that allows the owner of the device to restrict certain actions from being performed on the device, such as launching the App Store, Camera or Safari.
When any restrictions are activated, the device prompts for a four digit passcode to be entered, which provides a level of security, meaning that any end user of the device cannot re-enable any of the disabled features without having access to the code. Although not something that I have ever personally used on a regular basis, I would imagine the restrictions are very popular with parents who give an iPhone or iPod touch device to their children as a means of communication.
If you are a jailbroken iOS device owner who likes to prohibit certain features of the device through the use of restrictions, then it may be worthwhile checking whether or not that device also has the ‘AssistantExtensions’ tweak installed upon it. iOS developer Krishna Sagar has found that restrictions settings can be bypassed on devices that have AE installed by using Siri without having to enter any passcode.
Say for example a restriction had been set up through the general settings to remove access to the iTunes app on the device. When the passcode has been entered and the iTunes app has been toggled to ‘Off’, the icon itself will be removed from the home screen of device, meaning that it can’t be launched by the end user. But if the device has AssistantExtensions installed from Cydia, he or she can simply invoke Siri through the normal methods and give the command ‘Launch iTunes’. The Siri app will then force quit and disappear from view before actually launching the iTunes app with full usage capabilities and without asking for the security code.
Although it isn’t an earth shattering security vulnerability and doesn’t really provide access to any sensitive data, it is worth paying attention to if you are a jailbroken user who has certain restrictions set for whatever reason and make use of the AssistantExtensions package.