Siri Security Bug Grants Attackers Access to Contacts & Photos on Locked iPhones

Exterminator

After iOS 9.3.1 was released to fix an annoying activation lock bug in iOS 9.3, it appears that this latest version of Apple's mobile operating system is also plagued by another flaw that affects the user's privacy.

The bug affects iPhone 6s & iPhone 6s Plus models running iOS 9.3.1 and can be exploited via Siri. Attackers can bypass an iPhone's lock screen using a Siri search and access the user's contacts list and private photos.

The security bug is similar to an issue that Apple fixed in September

Jose Rodrigues discovered this issue and made a proof-of-concept video, embedded below. Rodrigues also found a similar problem in iOS 9 last September, when he learned that he could also use Siri to access a phone owner's contact list and photos by asking Siri what the time was.

In his most recent exploit, Rodrigues found that by telling Siri to search on Twitter for various terms, when encountering an email address, he could access menu options allowing him to add the address to an existing contact, without being asked for a password in advance.

From there, he could also choose to add or update the contact's photo, accessing the phone's photo gallery.

Mitigation against the bug's exploitation exists

The trick also works with phone numbers embedded in tweets or any other actionable Contacts data that allows the user to interact with the tweet via 3D Touch actions on a locked iPhone.

The easiest way to mitigate this issue is to disable Siri's lock screen access. iPhone users can do this by going to Settings -> Touch ID & Passcode. Here they'll have to disable the "Allow access when locked" setting.

If you'd like to use Siri for other things when the phone is locked, you can optionally go to Settings -> Twitter and Settings -> Privacy -> Photos and cut off Siri's access to these apps.
 