A Siri 'Feature' Makes Personal Information Accessible from a Locked iPhone

Oct 13, 2016 08:00 PM
Oct 24, 2016 04:28 PM

If you follow tech, you're probably familiar with Siri, Apple's personal voice assistant, which has been integrated heavily into iOS ever since iOS 5. But you might not have known that Siri is capable of performing some tasks when the iPhone is in a locked state. The default state of iOS is to allow access to Siri from the lock screen, most likely for the convenience of hands-free access to the phone.

This has led to more than a few lock screen bypass issues in iOS 7 (multiple times), iOS 8, and iOS 9 (multiple times)—and iOS 10 isn't any better.

In the latest iOS version, Siri continues to be accessible from the lock screen and she's giving out too much information! How much is too much? Any. Personal information can be used for many nefarious things, but especially social engineering.

From the iPhone lock screen using Siri, I was able to play back and send text messages...


Let's see what this person is up to.


And make calls and search the web.


Some commands such as "Launch Chrome" are met with a request for my credentials, while other commands such as "Give me directions home" are processed and launched, including "Show me my schedule." In a few minutes, I was able to quickly collect a lot of data from my locked iPhone.

MakeUseOf was able to pull up recent calls... something I didn't even think to try. And there are probably many more things you can do with Siri from a lock screen.

If you want to disable this functionality, it's fairly straightforward. First, navigate to your iPhone's Settings, scroll down to Siri, select Siri, then disable Access on Lock Screen.


This could be considered a feature for when you are driving and cannot text or otherwise hold the phone in your hand. For me, it's a bug. The screen is locked for a reason. If unauthorized users can access my messages, send messages, make calls, and view my home address, it's a problem. Many users trust the people in their contacts list and wouldn't think twice about clicking a link sent to them by someone they trust, or revealing personal information to people they trust. If that person isn't really them, but someone talking to Siri through the lock screen, that's a defect in my book.

There may be more commands available. I'd love to see the Null Byte community have a look at this. Maybe there's another lock screen bypass hiding in there!

Cover image by Norman Kin Hang Chan/123RF; Screenshots by Barrow/Null Byte
