Siri Bug Bypasses Apple iPhone And iPad Password Protection

Apple’s Siri can be used to bypass the password protection on iPhones by an unauthorised user, giving access to the user’s data.

A bug in the virtual assistant means a hacker can simply ask Siri the “who am I?” question to prompt it the display the owner’s name and number. From there the unauthorised user can simply call the iPhone and then tap the message icon that enables a new SMS message to be sent to in reply to a missed call from the iPhone lock screen.

The next step is to then tell the iPhone via Siri to “Turn on VoiceOVer” and then return to the message screen, double-tap the interface bar where the contact information is displayed at the same time as tapping on the on-screen keyboard. From there a hacker can click a button to add new photos and contacts which allows them to access all the contacts and photos on the iPhone.

Physical iPhone hacking

The bug exploit was discovered by two dedicated YouTube users, EverythingApplePro and iDeviceHelp, dedicated to posting videos on Apple devices.

While the bug required physical access to an iPhone with Siri enabled on it, the flaw is still a rather significant hole in the normally robust security mechanisms put in place by Apple.

The YouTubers claim the bug affects iPhones and iPads running Apple’s iOS 8 or higher versions of the mobile operating system.

Given that iPhones are often used by members of the government and civil servants, were an iPhone to be left on a train, much like what happened to a laptop containing sensitive government information several years ago, it could lead to the contact data of members of government to get stolen and exploited by malicious actors.

Apple has yet to respond to the flaw but it is likely the flaw will be patched relatively rapidly.

This is not the first time security bypassing bugs have been discovered in Siri which allow iPhone lock screens to be bypassed without inputting a password.

Quiz: What do you know about cybersecurity in 2016?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Google Ordered To Pay $43m By Australian Court

Search engine Google fined $43 million by Australian court for tracking Android users location data…

2 days ago

Hacker Touts Data Sale Of 48.5m Users Of Covid App – Report

Personal data of 48.5 million Chinese citizens who used Shanghai's Covid App, is being offered…

3 days ago

Facebook Tests Default End-to-End Encryption For Messenger

Privacy move. Platform tests secure storage of people's chats on Messenger, in a move sure…

3 days ago

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

3 days ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

3 days ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

3 days ago