Siri glitch lets hackers bypass iPhone lock screen in iOS 7.1.1

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

Apple iPhone 5S in space grey gold and silverA RESEARCHER HAS DISCOVERED an exploit in iOS 7.1.1 that allows hackers to bypass the iPhone's lock screen to send a text, email or call contacts simply by activating Siri.

Egyptian neurosurgeon and part-time white hat hacker Shefif Hashim discovered the glitch earlier this week and posted a Youtube video (below) detailing the steps of the iOS exploit.

In the video, Hashim first tried and failed to unlock an iPhone 5S using its built-in fingerprint sensor, showing that the phone was locked. He then activated Siri and tried to access the iPhone's contact list by barking "Contacts" at the digital assistant, but Siri responded by saying, "You'll need to unlock your iPhone first."

Hashim went on to show how easy it is to skirt around Siri's advice, and instead asked the assistant to "Call", which prompted Siri to ask "With whom would you like to speak?" - allowing Hashim, and anyone else aware of the flaw, to search the iPhone's contacts list.

It is thought that this exploit can be replicated on any iPhone 5S handset running iOS 7.1.1, and while it doesn't give hackers access to other areas of the handset, this flaw likely will have some iPhone users worried.

Apple has yet to respond to the report, but likely will patch it in a future software upgrade, much like it has with similar exploits.

Earlier this year, for example, it was uncovered that by using a precisely timed sequence of keypresses, hackers could easily bypass the lock screen in iOS 7 to access a user's personal information.

This year it was also revealed that a glitch in Apple's iOS 7 software allowed hackers to easily disable Find My iPhone without having to enter a password. µ

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  
Visitor comments
Add comments
blog comments powered by Disqus
More on Security
https-google

Google Chrome engineers propose a non-secure site alert

Affirmative action over HTTPS laggards

blue screen of death windows 8 crash BSOD

Microsoft issues fresh update to fix bugs caused by December Patch Tuesday

Applies to computers running Windows 7 Service Pack 1 and Windows Server 2008 R2

Security threats - password theft

FIDO Alliance taps a nail in the coffin of complex passwords

Thumb thing for the weak end

facebook-mobile-blue

Facebook teams with ESET to combat growing malware threat

Social network launches third free anti-virus scanner