Egyptian hacker Sherif Hashim has discovered a glitch in Siri on iOS 7.1.1 that allows an iPhone's lock screen to be bypassed.
In a YouTube video, Hashim went through the hack step by step. First attempting unsuccessfully to unlock the device with his fingerprint, he asked Siri to open Contacts, and was again prompted to unlock his device. At this point he simply said “Call”, and iOS granted him access to the phone’s contact list without the need for any security verification whatsoever.
On the face of it, this may not seem like such a big deal. Sure, the exploit doesn’t give you access to the entire phone; that would be a ridiculous failure on Apple’s part. Furthermore, most regular iPhone users might only need to be concerned about a rogue friend causing some friendly trouble with their contacts list.
However, the potential damage that this kind of exploit could cause is actually rather harrowing. Thousands, if not millions, of iPhone users who work in corporate ventures, security, business, the private sector and more use phones that carry sensitive contact information that isn’t meant for the public eye. I’m sure there are iPhone users out there with contact lists that, should a thief gain access to them, could be used to cause a lot of serious damage in one way or another. This exploit might not be so disconcerting to me or you, but it is a disturbingly easy way of accessing a lot of information on iOS that really should be kept secure and private.
Of course, now that the exploit has been highlighted, Apple will certainly endeavour to patch the hole in the near future, but this isn’t the first time that Siri has dropped the ball when it comes to security. The friendly assistant has made gaining access to a secure iPhone relatively easy in the past, even allowing a thief to disable Find My iPhone, another key security feature, without unlocking the device at all.
Does this exploit worry you? Should Apple be doing more to protect our iPhones from this kind of exploit?
Via: The Inquirer