
New iOS Lock Screen Exploit Discovered

Maura

iPhoneForums.Net News Team

A new iOS lock screen exploit has been discovered by YouTuber iDeviceHelp, according to iDownload Blog. The bug lets anyone who has your iPhone or iPad bypass the passcode and access your contacts and photos. iDeviceHelp has already informed Apple of the exploit, which should be fixed in a forthcoming update.

In order for someone with malicious intent to gain access to a phone in their possession, all they have to do is first press and hold the Home button on the phone they want to access and then ask Siri “Who am I?” Provided that the owner of the phone has not disabled Siri access on the Lock screen, a contact card for the owner of the phone will pop up with their phone number and any iMessage e-mail addresses associated with the phone. Then you use another phone to launch FaceTime and call the number of the first phone that you just obtained. When that phone rings, tap the Message icon on their Lock screen and choose the “Custom” option in the “Respond with:” menu.

Without going into all the steps required to execute the exploit from this point onwards, it basically requires double-tapping the contact info bar, and then immediately clicking on the keyboard, but it has to be done very quickly in order for the exploit to work.

Also reporting on the story, AppleInsider said that it had been able to make the attack work on an iPhone SE, iPhone 6 Plus, and iPhone 6s Plus, but not the iPhone 7 or iPhone 7 Plus.

Another YouTuber, EverythingApplePro, says that the exploit can be carried out on any phone, going as far back as iOS 8.0.

Until Apple releases a fix for the exploit, it’s best to disable Siri when your phone is locked via the Touch ID and Passcode preferences, and/or take extra care that your iPhone or iPad doesn’t get into the hands of anyone untrustworthy.

Source: New Lock screen bug bypasses iPhone/iPad passcode, lets you see photos/contacts
 
 


Presumably for this hack to work the voice would have to be similar to the owner's or Siri would just ignore it?
 
Or maybe just the same language; does Siri understand dialects? As a matter of interest, it's turned off on my iPhone anyway; it just gets on my nerves.
 

Good question. Siri does not understand me unless I switch to British English, yet there are quite a range of Canadian accents. It's surprising that there is apparently so much difference as far as voice recognition software is concerned, and even more surprising that my (Midlands) accent is recognizable by the same software as that which recognizes accents from other parts of the UK which vary wildly to my ear.
 
Strange, my German is by no means perfect; when I talk to Germans they know straight away I'm a foreigner.
Just tried an experiment on an iPhone 7: both Siri and Google recognised my question, which was "how far is London": Wie weit ist London.
 
Siri accepts my English as well. It's set to UK English, but I've been told years ago that my English is more like that from the USA. Additionally, I'm sure I have an Austrian accent when I speak English. I don't use Siri very much, but he does understand what I'm telling him.
 

There you have your answer. Siri's gender is crucial. Men listen to women.
 
I don't even use Siri. I've tried it several times and come to realize she's not all that helpful.
 

Have you also tried Google microphone? On Siri, for example, when I need help spelling a word, I get a list of websites.
On Google the word is spelt out for me.
 
This is a response to the exact issue addressed in the original post.

To eliminate this issue, change your Siri settings. Go to Siri and scroll down to the very next to last option, way down. Turn off the my info. If you already have a contact connected, read on.

If you already have a contact connected to Siri, delete your contact information Siri is connected to in contacts. Go back to Siri settings and confirm it is back to "None" for "My Information" and then you can put your contact information back into contacts.

You can use Siri without worry if you have My Information set to None in Siri's settings.
 
You don't have to do all that. All you have to do to protect your iPhone from the exploit is to not allow access to Siri on the lock screen.
 
I wonder why Siri is enabled to be used with the lock screen by default when it is turned on. I just turned it on on my iPad Air for the first time and it was set to use when the screen is locked by default when it is turned on. I set it to "off" for the lock screen use on both devices. They should have a popup come up with a caution about allowing lock screen use and having the My Information connected to your contacts list. It is a lot of effort to do what the original poster stated. Apple probably should also move the My Information setting right up there beneath the Allow in Lock screen use as the two are connected, in a way.

Thanks for that information. I hope others who have been following this thread see your reply.
 
Siri is very useful from the lock screen, particularly when using the "Hey Siri" function.
 