Siri glitch lets hackers bypass iPhone lock screen in iOS 7.1.1

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

Apple iPhone 5S in space grey gold and silverA RESEARCHER HAS DISCOVERED an exploit in iOS 7.1.1 that allows hackers to bypass the iPhone's lock screen to send a text, email or call contacts simply by activating Siri.

Egyptian neurosurgeon and part-time white hat hacker Shefif Hashim discovered the glitch earlier this week and posted a Youtube video (below) detailing the steps of the iOS exploit.

In the video, Hashim first tried and failed to unlock an iPhone 5S using its built-in fingerprint sensor, showing that the phone was locked. He then activated Siri and tried to access the iPhone's contact list by barking "Contacts" at the digital assistant, but Siri responded by saying, "You'll need to unlock your iPhone first."

Hashim went on to show how easy it is to skirt around Siri's advice, and instead asked the assistant to "Call", which prompted Siri to ask "With whom would you like to speak?" - allowing Hashim, and anyone else aware of the flaw, to search the iPhone's contacts list.

It is thought that this exploit can be replicated on any iPhone 5S handset running iOS 7.1.1, and while it doesn't give hackers access to other areas of the handset, this flaw likely will have some iPhone users worried.

Apple has yet to respond to the report, but likely will patch it in a future software upgrade, much like it has with similar exploits.

Earlier this year, for example, it was uncovered that by using a precisely timed sequence of keypresses, hackers could easily bypass the lock screen in iOS 7 to access a user's personal information.

This year it was also revealed that a glitch in Apple's iOS 7 software allowed hackers to easily disable Find My iPhone without having to enter a password. µ

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  
Visitor comments
Add comments
blog comments powered by Disqus
More on Security
Android L developer preview

Google's Android L will have default encryption too

It won't be outdone by Apple's iOS 8

Cloud Computing Security

Cloudy with a chance of pitfalls: Should business trust the cloud?

iCloud hack heightens concerns

  • Cloud
Apple logo on New York store

Apple switches on iCloud two-factor authentication

Following celebrity images hack

Julian Assange

Wikileaks releases Finfisher malware to help developers defend against it

Assange slams Germany for continuing to sell weaponised malware