Apple’s Siri can be used to bypass the password protection on iPhones by an unauthorised user, giving access to the user’s data.
A bug in the virtual assistant means a hacker can simply ask Siri the “who am I?” question to prompt it the display the owner’s name and number. From there the unauthorised user can simply call the iPhone and then tap the message icon that enables a new SMS message to be sent to in reply to a missed call from the iPhone lock screen.
The next step is to then tell the iPhone via Siri to “Turn on VoiceOVer” and then return to the message screen, double-tap the interface bar where the contact information is displayed at the same time as tapping on the on-screen keyboard. From there a hacker can click a button to add new photos and contacts which allows them to access all the contacts and photos on the iPhone.
While the bug required physical access to an iPhone with Siri enabled on it, the flaw is still a rather significant hole in the normally robust security mechanisms put in place by Apple.
The YouTubers claim the bug affects iPhones and iPads running Apple’s iOS 8 or higher versions of the mobile operating system.
Given that iPhones are often used by members of the government and civil servants, were an iPhone to be left on a train, much like what happened to a laptop containing sensitive government information several years ago, it could lead to the contact data of members of government to get stolen and exploited by malicious actors.
Apple has yet to respond to the flaw but it is likely the flaw will be patched relatively rapidly.
This is not the first time security bypassing bugs have been discovered in Siri which allow iPhone lock screens to be bypassed without inputting a password.
Quiz: What do you know about cybersecurity in 2016?
Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…
Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…
UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…
Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…
Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage
Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…