k_Street Consulting, LLC Blog

k_Street Consulting, LLC has been serving the Washington area since 2009, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: Siri’s Leaking Secrets - iPhone Lock Screen Vulnerability

b2ap3_thumbnail_ios_vuln_400.jpgApple's iOS 7.1.1. operating system has been affected by a series of bugs throughout this month. The first bug was emails being sent unencrypted, but now a new threat lurks in the shadows - a lock screen flaw that allows hackers to access your contacts list without unlocking the phone.

The flaw was discovered by Egyptian programmer Sherif Hashim, who has posted this video on his Youtube channel in order to show the steps required for doing so:

Hashim first attempts to use Siri's "contacts" command, which fails. Siri denies his request, telling him that he must first enter a password and unlock the phone. However, Hashim tries it again with a different command - "call". Using this command, Hashim was able to access the contacts list when bringing up the "Other..." menu, which appears when searching for a contact with a duplicate name.

It is thought that the flaw can be found in any iOS system running Siri, but it should be known that this flaw can reveal more than phone numbers. Hackers can potentially steal any information found on the contact card. This can reveal the address, phone number, Facebook page, and much more. You could basically be inviting hackers into your social life if they were allowed to get their grubby mitts on your phone.

Thankfully, that is the only way to exploit this vulnerability. The hacker must have physical access to your phone, and they can't access your phone remotely due to Siri being necessary to activate the vulnerability. It is recommended that you deactivate Siri from the lock screen via the Passcode options in the General settings of the device. This will prevent thieves from coaxing information out of Siri with their sugar-coated words.

You can always count on k_Street Consulting, LLC to deliver the latest news concerning vulnerabilities, patches, and updates directly to you. We'll arm you with knowledge about the latest threats and security breaches. Call k_Street Consulting, LLC at (202) 640-2737 today and find out what we can do for your IT as well!

“The Most Connected Human on Earth” - Chris Dancy ...
Microsoft Yields - Windows 8.1 Update Deadline Ext...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, 22 December 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

2013
January
February
March
April
May
June
July
August
September
November