iOS Flaw Allows You To Use Siri To Bypass Phone Lock Passcode
Do you own an iPhone? If yes, then you may want to be careful. A newly discovered security flaw in iOS allows attackers bypass an iPhone’s lock screen using a Siri search and access the user’s messages and private photos, even if you are using configured Touch ID or not.
EverythinApplePro and iDeviceHelps who discovered the flaw say that the bug uses Siri to break into the device. The same flaw also exists on iOS 8 and newer, including 10.2 beta 3. Well, this flaw isn’t exactly a new discovery since similar flaws have been discovered in previous versions of iOS. However, Apple is usually quick to fix them by way of an over-the-air (OTA) firmware update.
You can reproduce the bug using the steps mentioned below:
1. Firstly, find out the phone number of the victim’s iPhone. If you are unable to do so, just ask Siri “Who am I?” (Note: This involves having access to the iPhone you want to break into).
2. Call the victim’s phone using the phone number obtained from Siri above. You can also start a FaceTime call.
3. Then, click Message and then Custom Message to go to the New Message screen when you are allowed to type a reply.
4. Once done, activate Siri using the Home button and say “Turn on Voice Over.” You will hear a confirmation message saying “OK, I turned on VoiceOver” and then go back to the message screen.
Note: You may have to try several times to succeed in the next step. So, double tap the bar where you input the caller’s name and then hold, while immediately clicking on the keyboard. Keep repeating it several times until you see a slide-in effect on the screen above the keyboard. You can then ask Siri to “Turn off VoiceOver.”
5. Then, in the top bar, type in the first letter of a contact’s name, and tap the circular “i” icon next to the name, and create a new contact.
6. Choose add photo, select photo, and you’re in. Although the iPhone is in the locked state, you will still be able to see the gallery just like you would browse the phone. You can also select any contact and read messages and see all previous conversations with that contact.
How to protect against the bug
While Apple is very likely to patch the bug in the next beta, in the meanwhile, you can stay safe by disabling Siri on the lock screen. All you need to do is go to Siri > Access on Lock Screen and toggle the switch to disable. It is likely that the complete version of iOS 10.2 will include a patch against this flaw.