New iPhone lock screen exploit exposes personal info with Siri's helping hand
YouTube channel iDeviceHelp has recently published a video that details how, through precise timing, a hacker with physical access to an iPhone can bypass the lock screen and view protected information such as contact info, message logs, and photos.
Following further investigation by iPhone users across the globe, it turns out that, with proper timing, this exploit works on any iPhone running iOS 8.0 or later. However, for the trick to work, the iPhone needs to have Siri enabled on the lock screen, as Apple's virtual assistant is a critical piece of the exploit chain. Also, hackers need physical access to the iPhone; there's no way of triggering the exploit remotely.
To gain access to sensitive information, a potential hacker needs to first call the iPhone, then start sending a message, and then ask Siri to turn on VoiceOver. The next stage is the one where precise timing comes in, as the hacker has to double-tap-and-hold on the contact info bar and then instantly click on a keyboard that should appear on screen if the previous steps have succeeded.
If the exploit has been successful, assailants can now get a contact's information by typing the first letter of a contact and then tapping the info button next to the contact.
Apple has been informed of the exploit and is expected to close the loophole through a future update. If you're worried that this exploit might affect you before Apple gets around to patching it, you can completely block it by disabling Siri when the screen is locked. To do this, head to the Touch ID & Passcode preferences in the Settings menu.