Siri-Apple-Logo-Fail

We’ve heard many stories circulating Siri’s security issues, allowing nefarious users to gain access to contacts, photos, messages and even worse to completely unlock the iPhone without even entering the pass code. This new exploit comes as of no surprise.

The exploit only works on iPhone 6S and 6S plus (Yes, there is a little chance that you might be affected) since these iPhones’ are harbouring a new feature known as 3D touch, which is the sole feature of the exploit that allows unauthorized users to gain access to photos and contacts. Unfortunately, this exploit is present and active on the latest running iOS 9.3.1. There is nothing to worry since we will show you how to safeguard yourself from such an exploit.

How does the exploit work:

  1. Lock your device
  2. Start Siri by holding the Home button and say “Twitter”
  3. Once Siri asks what to search in Twitter, say “at-sign gmail.com” or any other email domain of your choice. The trick here is to find a valid email in the twitter’s bio.
  4. Once the results are provided, 3D touch on a valid email address to view the menu
  5. To view the photos, tap on “Create New Contact” then add photo for the contact and this is where you have access to the iPhone’s camera roll. To view the contacts, simply tap on “Add to Existing Contact” and you are looking at all the contacts saved on your iPhone.

How to safeguard:

To avoid people gaining access to your photos, navigate to Settings -> Privacy -> Photos -> Disable Siri function. It is possible that you won’t be able to find the Siri switch because Siri was never given access to Photos previously and in such a case you are fine. Unfortunately, this method won’t stop the user from gaining access to your contacts list.

Siri Photos

Since the previous method of avoiding Siri access to Photos doesn’t solve the Contacts bypass, another feasible solution is to disable the Siri function altogether. This will even stop the exploit happening from the first place. To do this, navigate to Settings -> Touch ID & Passcode -> Under “Allow Access When Locked” section disable the Siri function. This is a more drastic step as it will disable the Siri function on the lock screen and could have consequences on your workflow.

Siri-Lock Screen

If you are concerned with the contents of your Twitter profile being exposed, then you can navigate to Settings -> Twitter and disable the Siri function from there. In this case, Siri won’t be able to conduct any searches in your Twitter account.

As mentioned earlier, there are small chances that unauthorized users can gain access to your Photos and Contacts. This article is to make you aware of such a security flaw in Siri and prepare you to safeguard your iPhone if the need arises.

Tags: , , , , , , , , , , ,