Exploit turns Siri into a blabbermouth, allowing hackers to use your contacts list to send messages

A new hack will allow anyone in control of your Apple iPhone, to get the names on your contacts list and send emails and texts under your name. The hacker will even be able to make phone calls from your number. Even if you have your phone locked, someone with devious intentions will be able to send messages as though they were coming from you. The exploit works with a passcode locked iPhone. Siri is given the command to call, which results in the virtual personal assistant inquiring who you want to call.

Once you type something along the lines of  "Call A," Siri opens up your contacts list. This allows anyone to have access to it. Emails can be sent from your address telling your boss off, or insulting your best friend's wife. Ironically, the exploit was not available on those iPhone units that didn't use the passcode lockscreen feature.

It is possible that in a future update, we will see Siri divorced from the passcode. But for now, you can manually shut down Siri's integration with the passcode lockscreen by going into the Touch ID and Passcode settings in iOS 7. Toggle the switch to off  under "Allow Access When Locked," and Siri will keep her mouth shut when it comes to your contacts.



source: NBCNews via Gizmodo