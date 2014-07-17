Stories

SoylentNews is people


Bypassing Passcode Lock Screens on iPhones, iPads Running iOS 10

posted by n1 on Friday July 14, @12:13PM
from the good-morning,-skynet dept.
News Security

Arthur T Knackerbracket has found the following story [*]:

Apple still has not patched the hole allowing you to bypass the iPhone lock screen. As of iOS 10.3.2 (and the 10.3.3 beta), you can still trick Siri into getting into a person’s iPhone.

[...] Not only can someone trick Siri to turn off cellular data, but they can trick her to read unread text messages and post to Facebook—a major privacy issue.

To do it, again prompt Siri to wake up using a finger not associated with the phone's authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Or say, “Post to Facebook,” and Siri will ask you what you want to post to Facebook.

We tested this with a staffer’s iPhone 7, with someone other than the iPhone owner giving the commands. Siri let the person right in.

While we wait for Apple to patch the hole, your best option is to disable Siri from the lock screen.

It seems like Siri's been a bad girl, yet again!

-- submitted from IRC

[* Yup, the URL says "ios-9", but the headline correctly says 10, maybe they need some eagle-eyed editors? -- Ed./FP]


  • (Score: 0) by Anonymous Coward on Friday July 14, @12:20PM (#539083)

    Does "messages" include email messages? If so, I could imagine that this could be used with password resets to gain access to someone's account:

    1. Request password reset on the site. The site sends a mail with the reset link.
    2. Get Siri to read that mail to you using this hole. The mail contains the reset link. I assume it will be read out by Siri.
    3. Carefully write down that link (or record it with your own device). Visit that link from your own system.