Siri Bug Bypasses Apple iPhone And iPad Password Protection

Apple’s Siri can be used to bypass the password protection on iPhones by an unauthorised user, giving access to the user’s data.

A bug in the virtual assistant means a hacker can simply ask Siri the “who am I?” question to prompt it the display the owner’s name and number. From there the unauthorised user can simply call the iPhone and then tap the message icon that enables a new SMS message to be sent to in reply to a missed call from the iPhone lock screen.

The next step is to then tell the iPhone via Siri to “Turn on VoiceOVer” and then return to the message screen, double-tap the interface bar where the contact information is displayed at the same time as tapping on the on-screen keyboard. From there a hacker can click a button to add new photos and contacts which allows them to access all the contacts and photos on the iPhone.

Physical iPhone hacking

The bug exploit was discovered by two dedicated YouTube users, EverythingApplePro and iDeviceHelp, dedicated to posting videos on Apple devices.

While the bug required physical access to an iPhone with Siri enabled on it, the flaw is still a rather significant hole in the normally robust security mechanisms put in place by Apple.

The YouTubers claim the bug affects iPhones and iPads running Apple’s iOS 8 or higher versions of the mobile operating system.

Given that iPhones are often used by members of the government and civil servants, were an iPhone to be left on a train, much like what happened to a laptop containing sensitive government information several years ago, it could lead to the contact data of members of government to get stolen and exploited by malicious actors.

Apple has yet to respond to the flaw but it is likely the flaw will be patched relatively rapidly.

This is not the first time security bypassing bugs have been discovered in Siri which allow iPhone lock screens to be bypassed without inputting a password.

Quiz: What do you know about cybersecurity in 2016?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Mark Zuckerberg Overtakes Bezos To Become Second-Richest Man

Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…

11 hours ago

US, Microsoft Disrupts Russian FSB Hackers

Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…

14 hours ago

Mike Lynch Died From Drowning, Coroner Inquest Rules

UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…

16 hours ago

Tesla Recalls 27,000 Cybertrucks Over Rear Camera Issue

Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…

1 day ago

Browser Firms Press EU To Reconsider Microsoft Edge As Gatekeeper

Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage

1 day ago

Microsoft Invests €4.3 Billion In Italy For AI, Cloud

Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…

1 day ago