Just days after Apple released iOS 7, researchers from web security company Cenzic say they have found a security flaw stemming from Apple’s voice-activated personal assistant Siri, that allows anyone to bypass controls on a locked iPhone and perform a number of actions.
According to Cenzic, security engineers Abhishek Rahirikar and Michael Yuen were able to use Siri to post to Facebook and Twitter, send messages and emails, make calls, and access contact information, all on a locked iPhone.
Rahirikar and Yuen discovered the vulnerability on Thursday.
Some actions that the researchers were able to perform on a locked iPhone include the ability to:
• Call any phone
• Send messages using iPhone owner’s identity
• Send email using iPhone owner’s
• View calling history
• View limited contacts
• Discover personal information of contacts with common, easily-guessed names
• Post to Twitter
• Post to Facebook
• Get addresses saved in Apple Maps
Source
According to Cenzic, security engineers Abhishek Rahirikar and Michael Yuen were able to use Siri to post to Facebook and Twitter, send messages and emails, make calls, and access contact information, all on a locked iPhone.
Rahirikar and Yuen discovered the vulnerability on Thursday.
Some actions that the researchers were able to perform on a locked iPhone include the ability to:
• Call any phone
• Send messages using iPhone owner’s identity
• Send email using iPhone owner’s
• View calling history
• View limited contacts
• Discover personal information of contacts with common, easily-guessed names
• Post to Twitter
• Post to Facebook
• Get addresses saved in Apple Maps
Source
