Exploit turns Siri into a blabbermouth, allowing hackers to use your contacts list to send messages

Exploit turns Siri into a blabbermouth, allowing hackers to use your contacts list to send messages
A new hack will allow anyone in control of your Apple iPhone, to get the names on your contacts list and send emails and texts under your name. The hacker will even be able to make phone calls from your number. Even if you have your phone locked, someone with devious intentions will be able to send messages as though they were coming from you. The exploit works with a passcode locked iPhone. Siri is given the command to call, which results in the virtual personal assistant inquiring who you want to call.

Once you type something along the lines of  "Call A," Siri opens up your contacts list. This allows anyone to have access to it. Emails can be sent from your address telling your boss off, or insulting your best friend's wife. Ironically, the exploit was not available on those iPhone units that didn't use the passcode lockscreen feature.

It is possible that in a future update, we will see Siri divorced from the passcode. But for now, you can manually shut down Siri's integration with the passcode lockscreen by going into the Touch ID and Passcode settings in iOS 7. Toggle the switch to off  under "Allow Access When Locked," and Siri will keep her mouth shut when it comes to your contacts.



source: NBCNews via Gizmodo

FEATURED VIDEO

6 Comments

1. Jommick

Posts: 221; Member since: Sep 10, 2013

So...not a glitch, just something included for convenience that can be turned on and off at will?

2. sprockkets

Posts: 1612; Member since: Jan 16, 2012

No, if you want to go to contacts, the phone in the video said you have to unlock. But then he tells siri to call "A", then the phone of course doesn't have an "A", then shows the entire contact book and shows phone numbers. Apple will usually get their app protection down right, in the sense of preventing you the user from running what you want on it, but otherwise they seem to fail at a lot of other stuff.

3. Finalflash

Posts: 4062; Member since: Jul 23, 2013

lol, hope you're joking because calling an oversight a feature is really stretching it. There should be 0 access allowed to personal/private information without authentication no matter what. So they need to limit siri to things that are not on the phones memory maybe to make this stay without it compromising your personal data. Still, the amount of people under threat of having this ruin their day, much less lives, is probably about 0.01% (what I mean is something low, in case the number nazis want to know).

4. Topcat488

Posts: 1409; Member since: Sep 29, 2012

Apparently Siri is not "Loyal"... She'll give up info, if you touch her the right way! O.o Reminds me of the song by Chris Brown... That Siri aint loyal. Hahaha

5. techperson211

Posts: 1280; Member since: Feb 27, 2014

Amazing. The most secured OS. (Not)

6. Scott93274

Posts: 6025; Member since: Aug 06, 2013

Having the most secured mobile OS doesn't make it flawless. I honestly think that it is the OS with the least amount of threats. Though if you have a brain in your head, Android and Windows Phone are just as safe.... What I'm really curious about is Chrome OS. I read all these claims stating that you can't get viruses on the computers.... but to me, that's just inviting people to prove you wrong. Same thing as calling the Titanic the unsinkable ship. Wait and see I suppose.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.