iPhone Vulnerability — Be Aware!

Don’t allow Siri to be available at the Lock Screen, for now!

Many of us hold Apple and it’s devices up as trophies proving that brands care about customers, and make devices and platforms that our inviolable. The world over, people consider Apple-ware as the epitome of device and data security.

Well, not always.

And it stands to reason — the impregnable are the most vulnerable, especially in this world rife with hackers who live and breathe to make their name by achieving the hitherto “impossible”.

If you’re one of those that presumes that no one can bypass your iPhone’s security, well, you’re in the wrong, my friend.

Hackers can bypass the security on your iPhone even without knowing your passcode. Wondering how is that possible? Well, ironically, Apple’s own Siri is the culprit!

Graham Cluley, security expert further elaborated upon the issue claiming that the voice activated software of iPhone does puts it at risk. Per him, the bypassing of the security infrastructure works on those iPhones that have Siri enabled on the lock screen and the only requirement to crack the security is a mere physical access to the device.

Popular tech YouTuber iDeviceHelp unveiled this piece of important information as he explained how using the exploit, nefarious hackers can access one’s contacts, message logs and photos.

Anyone in possession of your iPhone can take advantage of Siri to obtain your own phone number. If Siri is enabled on the device’s lock-screen, a simple question — “Who am I?” — will prompt the phone to reply with the owner’s name and number. They will then call the phone from another device and as a consequence can get access to your iMessages without even unlocking your iPhone.

Next, the perpetrator will double-tap the contact info bar and hold the second tap on the bar as he clicks on the keyboard at the same time. The key element is timing, if the steps are timed properly, then the hacker can easily exploit sensitive information on your phone after a few tries. The hacker can then access your contacts and photos — even when your device remains locked.

The models most vulnerable to this attack are supposedly the iPhone SE, iPhone 6 Plus and the iPhone 6s Plus; but some reports claim that any iPhone that uses iOS 8.0 and higher is also susceptible to the exploit.

The glitch has already been brought to the attention of Apple, but till they patch this, you need to protect yourself. To do that, go to Touch ID and Passcode settings option in Settings and disabling Siri In Locked Mode.

So the long and short of it disable siri from your lock screen right now.

It is not that this is the first time such a glitch appeared on the iPhone. Previously in April, a bug, again related to Siri, plagued the iPhone 6s and 6s Plus running iOS version 9.3.1. The YouTuber “EverythingApplePro” explained the trick which at the time involved invoking Siri on a locked iPhone 6s or 6s Plus asking it to perform a Twitter search, finding a tweet that contains an email address, and then using the phone’s 3D Touch capabilities to enter either into the phone’s contacts or photos.
However this was brought to Apple’s attention and the company resolved the issue very soon by issuing a software update to patch the vulnerability.

As I close, it is at times like this, that I wonder, how people have all the time to study, poke and identify vulnerabilities in platforms — it much be quite finger and mind-numbing to try all those permutations and combinations, to find some little keyhole that the software manufacturer didn’t even know existed!

I don’t know about you, but sometimes, even finding my slippers in the morning seems like a witch-hunt to me! I don’t get how these hackers have all that patience, and curiosity! But we, and many million other iPhone users owe them our gratitude — as it is their curiosity that’s keeping us safe. Good samaritans, you guys are!

Originally published at Chip-Monks.