Protecting an iPhone with a passcode does not prevent an ill-intentioned person with local access to the device from reaching the user’s data.
A new flaw allows an attacker to bypass the passcode protection, even when Touch ID is properly configured, and to access photos and messages stored on the device.
The critical vulnerability affects iOS 8 and newer versions of Apple’s OS, including 10.2 beta 3. An attacker can bypass the iPhone passcode and gain access to personal data on the device by exploiting Apple’s personal assistant, Siri.
The security issue was discovered by EverythingApplePro and iDeviceHelps, who made it public and published a video PoC of the hack.
The attacker needs the phone number of the target iPhone and access to the phone for a few minutes. If the attacker doesn’t know the phone number, Siri will reveal it in response to a simple query: “Who am I?”
While waiting for a fix, users can protect their device by disabling Siri on the lock screen; the personal assistant will then be accessible only after providing the iPhone passcode or the fingerprint.
Go to Settings → Touch ID & Passcode and disable Siri on the lock screen by toggling its switch off.
Another possibility is to remove Siri’s access to Photos, as follows:
Go to Settings → Privacy → Photos and then prevent Siri from accessing pictures.
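For managed fleets, the same lock-screen mitigation can be checked in configuration profiles rather than device by device. The following is an added example, not part of the original article: it assumes devices receive a Restrictions payload (`com.apple.applicationaccess`) and inspects the `allowAssistantWhileLocked` and `allowAssistant` keys; the sample profiles and the helper names are constructed for illustration.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Restrictions payload type


def siri_lock_screen_status(profile_bytes):
    """Classify one configuration profile (plist bytes).

    Returns 'blocked' if Siri is unavailable on the lock screen,
    'allowed' if a Restrictions payload exists but leaves it on,
    or 'no-restrictions-payload' if the profile sets no restrictions.
    """
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == RESTRICTIONS]
    if not payloads:
        return "no-restrictions-payload"
    for p in payloads:
        # Both keys default to true when absent, so only an explicit
        # false counts as the mitigation being in place.
        if p.get("allowAssistant", True) is False:
            return "blocked"  # Siri disabled entirely
        if p.get("allowAssistantWhileLocked", True) is False:
            return "blocked"  # Siri disabled only while locked
    return "allowed"


def make_profile(restrictions):
    """Build a constructed sample profile carrying one Restrictions payload."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.constructed.profile",
        "PayloadContent": [dict(PayloadType=RESTRICTIONS, **restrictions)],
    })


# Constructed samples: weak (key absent), hardened, and no restrictions at all.
WEAK = make_profile({"allowCamera": True})
HARDENED = make_profile({"allowAssistantWhileLocked": False})
EMPTY = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": []})

if __name__ == "__main__":
    for name, blob in [("weak", WEAK), ("hardened", HARDENED), ("empty", EMPTY)]:
        print(name, siri_lock_screen_status(blob))
```

A profile that omits the key is reported as `allowed`, because the restriction only takes effect when it is explicitly set to false.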
Experts believe Apple will fix the issue in the next version of iOS 10.2.
(Security Affairs – iPhone 7, mobile)