Apple's Siri a weak link in iOS security

By on
Apple's Siri a weak link in iOS security

Lock screen bypassed.

Apple's Siri mobile personal assistant can be used to bypass login authetication and access personal contacts, apps and place calls.

The flaw affects the recently released iOS version 7.0.2.

The workaround granted access to the phone app and the ability listen to saved voicemails, view and change contact information, access photos, use Twitter, login to email and shoot out texts.


Dany Lisiansky showed that access could be achieved by using Siri to make a phone call (to another iOS device within reach), then clicking the FaceTime button, and as soon as the FaceTime app pops up, hit the sleep button, then wake up the device and “slide to unlock”.

Finally, answer and end the FaceTime request on the device receiving the call.

In his video, Lisiansky taps the end button on the device he is compromising, and is sent to the phone where he is able to access the whole slew of features.

Apple's iOS 7 was released on 18 September and users quickly realised that, whether locked or unlocked, Siri can be used to switch the device into airplane mode to effectively disable the "Find My iPhone" or "Find My iPad" apps. Airplane mode can also be activated in the Control Center, a feature new to iOS 7.

Within 48 hours, Jose Rodriguez, who gained fame in the past for finding ways to bypass Apple's iOS security protocols for lock screens, became the first to slip by the passcode feature in iOS 7.

Apple released iOS 7.0.2 on Thursday, which patched the flaw discovered by Rodriguez and additionally reintroduced the option to use the Greek alphabet keyboard for passcodes instead of just the four-digit numerical option.

Apple has not commented on the iOS 7.0.2 bypass issue, nor has the technology giant commented on the ability to replicate fingerprints to bypass the Touch ID sensor exclusive to the iPhone 5s.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?