Stories
Slash Boxes
Comments

SoylentNews is people

Bypassing Passcode Lock Screens on iPhones, iPads Running iOS 10

posted by n1 on Friday July 14 2017, @12:13PM   Printer-friendly
from the good-morning,-skynet dept.

Arthur T Knackerbracket has found the following story [*]:

Apple still has not patched the hole allowing you to bypass the iPhone lock screen. As of iOS 10.3.2 (and the 10.3.3 beta), you can still trick Siri into getting into a person’s iPhone.

[...] Not only can someone trick Siri to turn off cellular data, but they can trick her to read unread text messages and post to Facebook—a major privacy issue.

To do it, again prompt Siri to wake up using a finger not associated with the phone's authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Or say, “Post to Facebook,” and Siri will ask you what you want to post to Facebook.

We tested this with a staffer’s iPhone 7, with someone other than the iPhone owner giving the commands. Siri let the person right in.

While we wait for Apple to patch the hole, your best option is to disable Siri from the lock screen.

It seems like Siri's been a bad girl, yet again!

-- submitted from IRC

[* Yup, the URL says "ios-9", but the headline correctly says 10, maybe they need some eagle-eyed editors? -- Ed./FP]

Original Submission

 
This discussion has been archived. No new comments can be posted.
Bypassing Passcode Lock Screens on iPhones, iPads Running iOS 10 | Log In/Create an Account | Top | 18 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by harmless on Friday July 14 2017, @02:21PM (2 children)

    by harmless (1048) on Friday July 14 2017, @02:21PM (#539120) Homepage

    I don't have an iPhone, but as I understand TFA, you can disable Siri when your phone is locked.

    Yes, you can. In Siri settings there's an 'Access on Lock Screen' option.

  • (Score: 2) by bob_super on Friday July 14 2017, @04:48PM (1 child)

    by bob_super (1357) on Friday July 14 2017, @04:48PM (#539194)

    I'm gonna guess that the option is enabled by default, because Apple really thinks most of their customers need Siri listening in all the time just in case they need her...

    Sure, she doesn't send streams home for decoding unless she hears her name (allegedly, for a certain definition of "home"). But listening to her name is part of why I get over three days of battery life when iPhones barely give you one. And everyone I've ever seen use Siri manipulated their phone enough beforehand (bring it close, mostly) that pushing a button to wake up the processor just before talking would have been trivial.

    • (Score: 1) by harmless on Saturday July 15 2017, @03:12AM

      by harmless (1048) on Saturday July 15 2017, @03:12AM (#539451) Homepage

      If you don't like Siri to listen for "hey Siri", just disable that feature.

      (Or don't enable it. I can't remember which is the default.)