iOS is notorious for having lock screen vulnerabilities that allow attackers to access supposedly secure parts of your iPhone and iPad. Today, a new exploit was found that tricks Siri into revealing your messages as well as letting someone tweet from your phone.
The exploit affects all iPhones running iOS 7.0 and later, including the latest iOS 8.0.2 update released last week. The hack works by taking an iPhone offline by ejecting its SIM card, then allowing it to reconnect to the internet.
You can try it out on your own iPhone by following these steps.
1) Make sure Wi-Fi is off so your iPhone can be taken fully offline.
2) Ask Siri a question like “Siri, show me my emails.” Siri will tell you that a passcode is needed.
3) Eject the SIM card and put it back in. Wait for the icon in the menu bar to show it has reconnected to the cellular network.
4) Tap the “edit” button with Siri active to edit your voice command with the keyboard. Change the question slightly by adding or removing words. For example, “Siri, show me all my emails.”
Siri should then follow through with your command without asking for your passcode. This also works with reading your text messages and sending tweets from your Twitter account. The attack enables Tweeting from the lock screen using Siri, even if you had the option disabled before.
There’s no reason to freak out about this yet, as it’s unlikely this exploit will cause massive damage since someone needs to have physical access to your phone.
Still, if you want to protect yourself while Apple figures out how to fix this, you can disable using Siri from the lock screen. You can do this by heading over to the Settings app and then looking for Touch ID & Passcode. Uncheck the Siri button under Allow Access When Locked.
iOS 8 is still very much a secure operating system, and has proven itself the safest mobile OS in our comparison.
Source: Phone Rebel
Follow me on Twitter: @lewisleong