Siri glitch lets hackers bypass iPhone lock screen in iOS 7.1.1

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

Apple iPhone 5S in space grey gold and silverA RESEARCHER HAS DISCOVERED an exploit in iOS 7.1.1 that allows hackers to bypass the iPhone's lock screen to send a text, email or call contacts simply by activating Siri.

Egyptian neurosurgeon and part-time white hat hacker Shefif Hashim discovered the glitch earlier this week and posted a Youtube video (below) detailing the steps of the iOS exploit.

In the video, Hashim first tried and failed to unlock an iPhone 5S using its built-in fingerprint sensor, showing that the phone was locked. He then activated Siri and tried to access the iPhone's contact list by barking "Contacts" at the digital assistant, but Siri responded by saying, "You'll need to unlock your iPhone first."

Hashim went on to show how easy it is to skirt around Siri's advice, and instead asked the assistant to "Call", which prompted Siri to ask "With whom would you like to speak?" - allowing Hashim, and anyone else aware of the flaw, to search the iPhone's contacts list.

It is thought that this exploit can be replicated on any iPhone 5S handset running iOS 7.1.1, and while it doesn't give hackers access to other areas of the handset, this flaw likely will have some iPhone users worried.

Apple has yet to respond to the report, but likely will patch it in a future software upgrade, much like it has with similar exploits.

Earlier this year, for example, it was uncovered that by using a precisely timed sequence of keypresses, hackers could easily bypass the lock screen in iOS 7 to access a user's personal information.

This year it was also revealed that a glitch in Apple's iOS 7 software allowed hackers to easily disable Find My iPhone without having to enter a password. µ

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  
Visitor comments
Add comments
blog comments powered by Disqus
More on Security
Digital security padlock red image

IBM releases hive mind of cyber threat information to save us all

Cloud-based real-time threat analysis could help beat the baddies

Google Chrome logo

Google boots 200 dodgy apps from the Chrome Web Store

Looks to end a cyber-Chrome spree

cyber-security-2-web

Singtel scoops up Trustwave for $810m to boost cyber security credentials

Firm also looks to boost cloud and managed services portfolio

dark-hoodie

Russia reportedly hacked White House computer systems last year

Attackers 'accessed information on president Obama's appointments and movements'