SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Siri Exploit Creates an Avenue for Hackers to Bypass Your Passcodes

Posted on December 15, 2016

Preventing unauthorized access to your iPhone is important; that’s why so many of us lock our phones with secure passcodes and even our fingerprints. These basic features mean that no passerby can pick up your phone and start going through your personal information. However, it’s important for users concerned with privacy and security to keep a close eye on their devices. In some cases, information stored on your phone can still be vulnerable even with a passcode lock. For example, if you have Siri enabled, there is a potential exploit which could allow a user to bypass your protective measures.

Discovered by the YouTubers behind Apple-centric channels iDeviceHelp and EverythingApplePro, a very specific sequence of events can be undertaken using Siri to unlock some features on the device eventually. How exactly could this work? Firstly, the attacker must determine the phone number, which one can accomplish by simply asking Siri. Then they must begin a call and open the message dialog. This point is where things become tricky, and where you might ask yourself “How did they figure that out?”

The attacker asks Siri to turn on the VoiceOver feature, and then executes a specific sequence of taps on the screen while on the Message prompt. This method allows the attacker to access your contacts, and eventually other portions of the phone such as your photos. In the YouTube video in which these exploits were revealed, the researchers involved mentioned that someone using this exploit could eventually reach the home screen. For now, that information is under wraps as all iPhones using iOS 8 and forward remain vulnerable. Apple has not yet announced a patch or effort to correct this vulnerability.

With that in mind, it’s worth thinking about how hackers don’t always enter your device from afar. If someone has information they desire, an attempt to physically use the device isn’t out of the question. Therefore, it’s important to keep your phone from falling into the wrong hands. While this exploit certainly takes time and practice to execute, it’s still worth noting as a potential leak.

At the same time, the privacy-conscious individual would do well to consider disabling Siri until a fix for this issue appears. That at least eliminates the primary source of the vulnerability. When you lock your phone, it should stay locked. Why worry about someone potentially looking into areas they don’t belong?

Join our mailing list for the latest security news and deals