k_Street Consulting, LLC Blog
Alert: Siri’s Leaking Secrets - iPhone Lock Screen Vulnerability
Apple's iOS 7.1.1. operating system has been affected by a series of bugs throughout this month. The first bug was emails being sent unencrypted, but now a new threat lurks in the shadows - a lock screen flaw that allows hackers to access your contacts list without unlocking the phone.
The flaw was discovered by Egyptian programmer Sherif Hashim, who has posted this video on his Youtube channel in order to show the steps required for doing so:
Hashim first attempts to use Siri's "contacts" command, which fails. Siri denies his request, telling him that he must first enter a password and unlock the phone. However, Hashim tries it again with a different command - "call". Using this command, Hashim was able to access the contacts list when bringing up the "Other..." menu, which appears when searching for a contact with a duplicate name.
It is thought that the flaw can be found in any iOS system running Siri, but it should be known that this flaw can reveal more than phone numbers. Hackers can potentially steal any information found on the contact card. This can reveal the address, phone number, Facebook page, and much more. You could basically be inviting hackers into your social life if they were allowed to get their grubby mitts on your phone.
Thankfully, that is the only way to exploit this vulnerability. The hacker must have physical access to your phone, and they can't access your phone remotely due to Siri being necessary to activate the vulnerability. It is recommended that you deactivate Siri from the lock screen via the Passcode options in the General settings of the device. This will prevent thieves from coaxing information out of Siri with their sugar-coated words.
You can always count on k_Street Consulting, LLC to deliver the latest news concerning vulnerabilities, patches, and updates directly to you. We'll arm you with knowledge about the latest threats and security breaches. Call k_Street Consulting, LLC at (202) 640-2737 today and find out what we can do for your IT as well!
Comments