Security issues with iOS 7 seem to be popping up everywhere. Last week, we reported that iOS 7 suffered from a bug which left email attachments unencrypted -- and while Apple has prepared a fix for the issue, a new one has appeared in its place.
According to Egyptian neurosurgeon and part-time security researcher Sherif Hashim, a flaw in iOS 7's Siri voice assistant allows anyone to bypass the iPhone lock screen and access the contact list. In a video posted on his YouTube channel, Hashim detailed the method of attack.
Using an iPhone 5S, Hashim tries and fails to sign in with the TouchID fingerprint scanner. Then, he activates Siri and asks for the phone's contact list by saying "contacts." Siri responds that he needs to unlock the phone first, but Hashim quickly hits cancel and instructs Siri to call a contact. This brings up the phone's entire contact list, which allows Hashim to view and call anyone on the list.
Apple will hopefully release a patch in the coming days, but what can you do until then? First, keep your phone on a tight leash. The flaw is only accessible if someone else gains physical access to the phone, which means no remote attacks. Additionally, Hashim recommends that users disable Siri on the lock screen. This can be done by going to 'settings', 'passcode' and tapping the option to disable Siri while the screen is locked, thus ensuring that your phone is safe, sound, and invulnerable to Siri's contact list flaw.
Source: NBC News