Home
Mobiles
Mobiles News
iOS Lock Screen Can Be Bypassed to Access Contacts Using Siri 'Hack'

iOS Lock Screen Can Be Bypassed to Access Contacts Using Siri 'Hack'

By Robin Sinha | Updated: 5 May 2014 20:36 IST

Apple's iPhone 5s came with the much-vaunted Touch ID fingerprint sensor for biometric authentication, however, soon after its release it was supposedly 'hacked' by a security research group. Now however, it looks like both the Touch ID sensor and passcode can now be bypassed by a new exploit for iOS 7.1.1.

A new video has sprung up on YouTube that shows how someone can bypass an iPhone 5s' security lock without the need to swipe the Touch ID sensor or input the 4-digit passcode locking the device. The video shows a user accessing the contacts saved inside the iPhone 5s (Review | Pictures), using voice-commands via Siri.

It has been also said that other iOS devices running iOS 7.1.1 lock screen are vulnerable to the reported exploit, which lets users bypass the passcode to access the contacts and even edit, copy and share them with others. It's not clear if other iOS versions are vulnerable to this bug.

The video by Sherif Hashim at first shows Siri rightfully asking for passcode when asked for 'Contacts' on a locked iPhone 5s. However, when given the voice-command 'Call', Siri straight away asks the user whom to call, giving access to on-screen keyboard via which one can search contacts and get access to the full phonebook list by tapping on 'Others' option.

NDTV Gadgets independently verified the exploit on an iPhone 4S running iOS 7.1.1. To bypass the lock screen, we had to issue a specific Call voice-command to Siri that also included a first name or last name of a contact that was featured in the iPhone's address book more than once - this can be trivial, with common names easily guessable. Once the voice command is given, a list of contacts matching the spoken name appear, along with the Call Other option, which gives other possible matches. If users select the Call Other option, they get access to the entire contacts database on the phone. Any of these contacts can be directly called from the lock screen.

Hashim's video however gives a simple solution at the end advising users to keep their 'Siri' voice-assistant switched off. Apple is yet to comment on the matter, but we assume the vulnerability will be patched out in an upcoming iOS update, possibly iOS 7.1.2.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.