Security Simplified ! - A Kaapagam Technologies IT Security Blog

A very obliging Siri opens up a vulnerability in iOS 7.0.2

1. October 2013 19:40 by CA in Vulnerability

An Israeli researcher has found a way to access a locked iPhone's contacts and messages database using Siri.

 

In a YouTube video, Dany Lisiansky showed how a locked phone running iOS 7.0.2 can be opened by using Siri's voice control to make a call to an attacker's system. This "feature" then allows an attacker to access the target handset's Phone application, giving access to call history, voicemail, and the entire list of contacts, by following seven steps:

1. Make a phone call (with Siri / Voice Control).

2. Click the FaceTime button.

3. When the FaceTime App appears, click the Sleep button.

4. Unlock the iPhone.

5. Answer and End the FaceTime call at the other end.

6. Wait a few seconds.

7. Done. You are now in the phone app.

 

With over 200 million Apple users now using iOS 7, and with no way to remove the upgrade, it looks like there could be another update in the pipeline soon.

 

In the meantime, users are advised to turn off Siri's ability to work while the handset is locked by launching the Settings app, tapping General > Passcode Lock, turning Passcode on if it isn't already, then toggling Siri off under Allow Access When Locked.
