How Siri leaks your private iPhone messages, and how to stop her

LASER_oneXM

A Brazilian Mac magazine – it’s called MacMagazine – claims to have uncovered a security hole in iOS 11.

The bug could allow a crook to access private messages right from the lockscreen, using a “hack” that is going to make you groan with a sense of déjà vu when you learn that it is no more complicated than saying…

…“Hey, Siri.”

If you’ve followed our recommendations over the years, you will long ago have banned as much as possible from your lockscreen.

After all, it’s meant to be a LOCK screen that LOCKS your phone, not merely a cautious front end that gives you partial access to some features of some apps.

We accept that there are regulatory reasons why a lockscreen isn’t allowed to lock out absolutely everything: in a crisis, you want to be able to dial 112, 911, 999, 000 or whatever the relevant emergency number is without fumbling your way through an unlock code first.

But most people like their phone to display a clock when it’s locked – a feature that’s admittedly very convenient – and once you have made one exception, it’s easy to get sucked into a maze of other lockscreen exceptions, including allowing alarms to go off, accessing the camera, and popping up notifications about messages that are worth unlocking your phone to read.

We haven’t tested out the details of this new bug ourselves, but the security hole seems to open up if you have:

  • Siri turned on.
  • Siri enabled on your lockscreen.
  • Siri set to activate when you say “Hey, Siri.”
  • One or more messaging apps set to Allow Notifications.
  • Those apps set to Show Previews When Unlocked.

We suspect that this is a common configuration – notifications on the lockscreen are only supposed to point out that you have messages to look at, so you’re not leaking any actual message content while your phone is locked.

What to do?
Apple famously gives release dates for its security updates by actually releasing them, hiding behind its official policy that “for our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”

In this case, Apple has apparently gone slightly off-piste by admitting to the bug and saying it’s working on a fix – but that’s all we know so far.

So, in the meantime, here are some workarounds.

(Note that we suggest using some or all of these settings anyway, even after this bug is patched, on the grounds that when it comes to lockscreen functionality, less is always more.)
 