Advertisement

Article

Siri exploit lets anyone text or call your contacts from the lockscreen

Siri exploit lets anyone text or call your contacts from the lockscreen
Lewis Leong

Lewis Leong

  • Updated:

Another security vulnerability has been discovered within iOS. Siri is to blame this time, allowing anyone to call or text your contacts in just a few steps.

Neurosurgeon and “part-time hacker” Sheriff Hashim discovered the Siri bug in iOS 7.1.1. The trick involves activating Siri from the lock screen and asking her to “Call” or “Text.” A dialog will appear at the top right of the screen that allows users to edit the voice command. Add a random letter or name into the field and hit enter. With any luck, Siri will ask you to clarify who you want to reach with an option to view other contacts. And with that, you have access to a person’s full contact list without his or her password.

I was able to replicate the bug using an iPhone 5 running iOS 7.1.1. My first attempts were stopped when I failed to use a letter that was contained in my victim’s contact list. I entered her last name and Siri asked me to clarify who to call, allowing me access to her entire contacts list.

It’s unlikely this exploit will be used since it requires physical access to your phone and knowing a bit about your victim. But if you have friends who like playing pranks, this exploit is extremely simple to use.

Apple has not responded about this exploit. Lockscreen security flaws are nothing new for the company and are usually patched quickly. In the meantime, you can disable Siri on the lockscreen to protect yourself from this bug. To disable Siri in the lock screen, launch the Settings app and tap on “Passcode.” Toggle “ALLOW ACCESS WHEN LOCKED” to disable the feature.

Source: NBC News

Via: Gizmodo

RELATED STORIES

Lewis Leong

Lewis Leong

Latest from Lewis Leong

Editorial Guidelines