Off the back of recent reports regarding an iOS bug that allowed a hacker to potentially access encrypted email attachments, it has now emerged that a further flaw, existent through Siri, allows users to bypass lock screen security and make calls or send SMS messages using the Apple voice assistant.
Even though the iOS lock screen is supposed to keep the majority of a device’s content securely stored away from prying eyes, the fact that certain features like Siri can also be accessed without unlocking has always been fraught with issues. We’ve already seen, through the many iOS 7.0.x updates, that the lock screen isn’t as foolproof Apple would often suggest, and these latest, Siri-based exploits don’t exactly cover the fruit company’s mobile OS in much glory.
Of all the loopholes that have been discovered so far, though, this one is arguably the most worrying; especially given that it potentially exposes your entire contact list and allows the intruder to make calls or send texts / emails to said contacts at will.
The credit for this particular discovery goes to Sherif Hashim, and according to his research, affects iPhones running on the very latest iOS 7.1.1. If you happen to own an up-to-date iPhone and stick with the default setting of enabling Siri on the lock screen, all anybody would need to do is reel off a “Call,” “Text,” or “Email” command, tap in the first letter of a contact, and Siri would get right to it. After tapping the first letter, an intruder could narrow things down by hitting the “Other” option, which would, in turn, expose the whole list of contacts.
Even though Apple has dropped some clangers in the past in relation to the lock screen, this very replicable, incredibly simple trick shows a degree of incompetence that you mightn’t ordinarily associate with Apple.
If you’re particularly alarmed by the thought of somebody sneaking into your contacts and sending messages to folks without your consent, then your best course of action is to disable Siri on the lock screen entirely, and wait for Apple to fix the trick.
Hopefully, we won’t be waiting for too long for a remedial update, and will let you know as and when one arrives.
You might also like to check out:
- Download iOS 7.1.1 IPSW For iPhone And iPad [Download Links]
- iOS 7.0 – 7.1.1 Does Not Encrypt Email Attachments, Leaving Them Open For Everyone To See