New iOS Lock Screen Exploit Discovered

Maura

iPhoneForums.Net News Team
Staff member

A new iOS lock screen exploit has been discovered by YouTuber iDeviceHelp, according to iDownload Blog. The bug lets anyone who has your iPhone or iPad bypass the passcode and access your contacts and photos. iDeviceHelp has already informed Apple of the exploit, which should be fixed in a forthcoming update.

In order for someone with malicious intent to gain access to a phone in their possession, all they have to do is first press and hold the Home button on the phone they want to access and then ask Siri “Who am I?” Provided that the owner of the phone has not disabled Siri access on the Lock screen, a contact card for the owner of the phone will pop up with their phone number and any iMessage e-mail addresses associated with the phone. Then you use another phone to launch FaceTime and call the number of the first phone that you just obtained. When that phone rings, tap the Message icon on their Lock screen and choose the “Custom” option in the “Respond with:” menu.

Without going into all the steps required to execute the exploit from this point onwards, it basically requires double-tapping the contact info bar, and then immediately clicking on the keyboard, but it has to be done very quickly in order for the exploit to work.

Also reporting on the story, AppleInsider said that it had been able to make the attack work on an iPhone SE, iPhone 6 Plus, and iPhone 6s Plus, but not the iPhone 7 or iPhone 7 Plus.

Another YouTuber, EverythingApplePro, says that the exploit can be carried out on any phone, going as far back as iOS 8.0.

Until Apple releases a fix for the exploit, it’s best to disable Siri when your phone is locked via the Touch ID and Passcode preferences, and/or take extra care that your iPhone or iPad doesn’t get into the hands of anyone untrustworthy.

Source: New Lock screen bug bypasses iPhone/iPad passcode, lets you see photos/contacts
 
 

carolineM

Well-Known Member

Presumably for this hack to work the voice would have to be similar to the owner's or Siri would just ignore it?
 

brixtonboy

Well-Known Member
Or maybe just the same language; does Siri understand dialects? As a matter of interest, it's turned off on my iPhone anyway; it just gets on my nerves.
 

KevinJS

Super Moderator
Staff member

Good question. Siri does not understand me unless I switch to British English, yet there is quite a range of Canadian accents. It's surprising that there is apparently so much difference as far as voice recognition software is concerned, and even more surprising that my (Midlands) accent is recognizable by the same software as that which recognizes accents from other parts of the UK, which vary wildly to my ear.
 

brixtonboy

Well-Known Member
Strange. My German is by no means perfect; when I talk to Germans they know straight away I'm a foreigner.
Just tried an experiment on an iPhone 7: both Siri and Google recognised my question, which was "how far is London": "Wie weit ist London".
 

J. A.

Administrator
Staff member
Siri accepts my English as well. It's set to UK English, but I've been told years ago that my English is more like that from the USA. Additionally, I'm sure I have an Austrian accent when I speak English. I don't use Siri very much, but he does understand what I'm telling him.
 

KevinJS

Super Moderator
Staff member

There you have your answer. Siri's gender is crucial. Men listen to women.
 

03hdfatboy

Well-Known Member
I don't even use Siri. I've tried it several times and come to realize she's not all that helpful.
 

brixtonboy

Well-Known Member

Have you also tried Google microphone? On Siri, for example, when I need help spelling a word, I get a list of websites.
On Google the word is spelt out for me.
 

Puzzled

Member
This is a response to the exact issue addressed in the original post.

To eliminate this issue, change your Siri settings. Go to Siri and scroll down to the very next to last option, way down. Turn off the my info. If you already have a contact connected, read on.

If you already have a contact connected to Siri, delete your contact information Siri is connected to in contacts. Go back to Siri settings and confirm it is back to "None" for "My Information" and then you can put your contact information back into contacts.

You can use Siri without worry if you have My Information set to None in Siri's settings.
 

scifan57

Administrator
Staff member
You don't have to do all that. All you have to do to protect your iPhone from the exploit is to not allow access to Siri on the lock screen.
 

Puzzled

Member
I wonder why Siri is enabled to be used with the lock screen by default when it is turned on. I just turned it on on my iPad Air for the first time and it was set to use when the screen is locked by default when it is turned on. I set it to "off" for the lock screen use on both devices. They should have a popup come up with a caution about allowing lock screen use and having the My Information connected to your contacts list. It is a lot of effort to do what the original poster stated. Apple probably should also move the My Information setting right up there beneath the Allow in Lock screen use as the two are connected, in a way.

Thanks for that information. I hope others who have been following this thread see your reply.
 

KevinJS

Super Moderator
Staff member
Siri is very useful from the lock screen, particularly when using the "Hey Siri" function.
 