Mobile security is a very sensitive topic nowadays. Companies like Apple and Google take pride in touting that their operating systems offer tight security features. Unfortunately, even though developers exercise the best practices on security, some flaws still go unattended, albeit unintentionally. A prime example is the new exploit found on iPhones running on the latest iOS 10 version.
In the short video posted on the iDeviceHelp channel, the person behind the camera details the procedure to bypass iOS 10?s security.
The beginning part of the video introduces the parameters for the security exploit. In this case, an iPhone running on the latest iOS 10.2 with Siri enabled from the lock screen.
To begin the exploit, the user must first ask Siri the question ?Who am I?? Afterwards, Siri will show the information of the phone?s owner, more importantly, the owner?s phone number.
Once the phone number of the target device is known, an attacker can use another phone to FaceTime the target phone. The next procedure then ignores the call by tapping on the Messages icon on the call display screen.
From here, the attacker will need to activate VoiceOver by asking Siri to activate it. Once activated, the assailant will then have to time the screen taps on the contact info bar and the keyboard. After this, the only remaining thing that needs to be done is to type a single letter on the keyboard to access the contacts. And from here, the photos can also be accessed by adding a contact and changing the photo of the contact being created.
This exploit is a serious breach on iOS security and can be taken even further to gain access to more information within the phone itself.
To prevent this from happening, first, users will need to deactivate Siri from the lock screen. To do this, Go to Settings>General>Passcode Lock. Under the Allow Access When Locked section, slide the Siri option to off.
Unfortunately, for those who rely very much on Siri, deactivating the feature may be totally out of the question. However, there is another way to secure your phone without deactivating Siri altogether. This is done by preventing Siri from displaying the user?s information when asked ?Who am I?? To do this, users must delete their own contact details on the phone. This will eventually reset Siri?s ?My Info? setting. When asked with the question, Siri will not have anything to display on the screen.
For more iOS 10 updates, be sure to check us out at TheBitbag.