Siri search bug allows others to get into your Contacts and Photos without knowing the passcode
posted by Alan F. / Apr 05, 2016, 12:00 AM
To see the flaw in action, open Siri and ask Siri to do a Twitter search. If the search results contain data found in contacts, like an email address, use 3D Touch to click on "Add to Existing Contact." Not only does that bring up the Contacts list, that list can also be used to access the Photos on your phone.
You can prevent this from happening to you by disabling Siri's Twitter and Photos integration. All you need to do is go to Settings > Twitter and turn off Siri. Once that is done, go to Settings > Privacy > Photos and again, disable Siri.
We should point out that the first time you use Siri to search Twitter, you will have to verify that you own the phone via a correct passcode entry, or by using Touch ID. Once that has been completed, those knowing about the bug will be able to break into Contacts and Photos using the flaw as seen in the video below.
source: videosdebarraquito via AppleInsider
Posts: 67; Member since: Mar 24, 2016
Barf on Apple for this
posted on Apr 05, 2016, 12:07 AM 3
UPDATE: Apple already fixed it!!!! No need for a patch - it was done server-side. http://iphone.appleinsider.com
posted on Apr 05, 2016, 11:51 PM 0
Posts: 2278; Member since: Aug 06, 2014
Oh man here we go again
posted on Apr 05, 2016, 12:39 AM 2
This is not possible on devices without 3D Touch.. this is not a Siri exploit, it's a 3D Touch thing.... This stuff is easy to find on iOS (although this stuff exists on all Android devices, PCs, and anything with computer code - that's just the nature of code, because it's written by men)... But iOS devices are very similar to each other, so it's easy to spot and reproduce this - Androids are all different, so when you find an exploit in, let's say, the LG G5 - no one gives a crap to report it... Anyways, confident that Apple will patch this, very sorry that most Android users are still vulnerable to Stagefright!!!
posted on Apr 05, 2016, 4:12 AM 1
Posts: 3960; Member since: Oct 21, 2014
Sources later than this showing 375 vs 130? Do share... http://www.dereferer.org/?http
posted on Apr 05, 2016, 7:07 AM 0
Oh man, I just had this conversation already. Look at the article and go to the source website: this is a list of vulnerabilities that were patched, not vulnerabilities that are still in the wild. Android may have a lot more than what's listed, but if Google did not address them then they wouldn't be on the threat list. I gotta explain this to these kids again since they prefer to look at pictures than to read. The article that someone posted sources the numbers from a website that analyzes updates and patches for fixes that are included in those. Yes, Apple patches more vulnerabilities than Android based on these numbers - but here's the kicker: these represent holes that were already patched during the year by Apple or Google. You can also confirm this because every vulnerability listed is described as "...before ios9.1, or before ios8.3, or before ios7.2" and so on. The other kicker is it describes Android vulnerabilities based on versions of Android, like so: "android 6.x and older, android 5.x and older, android 4.4 and older" and so on. Now consider which platform has nearly 80% running the latest update and which platform has only 3% running the latest update. You'll quickly realize that Android users are the sitting ducks with unpatched holes because they never got updates for newly discovered vulnerabilities. It's not how often you fall, it's how fast you get up. Apple patches these within days now, Android is still laying on their face. @ordinary, Google may have made a fix for Stagefright, but there are hundreds of millions still waiting for an update.
posted on Apr 05, 2016, 10:09 AM 0
Posts: 5029; Member since: Mar 30, 2015
Sure, but the reality is there are usually more total holes in iOS than on Android. Patched or not, the total is much higher on iOS than Android (thank God they patch it lol). You mean 80% of people going to the Apple App Store use the latest version, right? Because in reality easily 50% of the iPhone users I serve at work don't even install apps on the phone; they use it only for calls, texts and email (to be truthful, the same applies to Android phone users). So it's easy to play with numbers like this. As for Stagefright, like the name says, it feels like a staged, not real, vulnerability, as I never had 1 client that got it, so it's like a ghost issue that never happens to anyone. Strange..
posted on Apr 05, 2016, 11:39 AM 1
You did not read or did not comprehend what I wrote - those holes reported are the patched ones. I'll really simplify it for you: for all we know, Android and Apple both had 1000 holes each - Apple patched 300 of them and Android patched only 150. In addition, Apple's updates reached 80% adoption, Android 3%. Come on, why can't you understand what is talked about? There are more holes on Android and iOS than talked about on that source website - these are just the ones caught and patched. It is impossible to catch as many holes on Android devices because there are so many different citation - but they are there! Malware isn't designed to be noticed when someone has it. And EVERYONE I know installs loads of apps on any device they have. I'm not sure where "your store" is located; that 50% of iPhone users don't install apps and only use it for calls sounds far-fetched. I'm not playing numbers, the article mr electrocuted linked to does NOT reveal what these numbers mean - they do not mean that this is what is actually out there, but that they analyzed the patches that Apple and Google have sent out and that's what they see being patched - that might as well mean that Google does not patch all their vulnerabilities often enough to ensure they're all exterminated...
posted on Apr 05, 2016, 12:46 PM 0
Posts: 1337; Member since: Oct 05, 2011
Nothing is invulnerable. Not Android, not iOS, so do not fool yourself into a false sense of security that iOS is perfect. As you stated, it is all coded by men - both iOS and Android - so pointing out that one is more secure than the other is false.
posted on Apr 05, 2016, 8:39 AM 0
Posts: 5029; Member since: Mar 30, 2015
Some vulnerabilities that got patched in 9.3 had existed since before iOS 5.0 lol, so don't go there, Alik. Those websites that you say give the number of patched vulnerabilities also usually say since what version those vulnerabilities have been present..
posted on Apr 05, 2016, 11:39 AM 0
Posts: 3935; Member since: Oct 03, 2015
When I try to do a Twitter search, Siri tells me to unlock my iPhone, guess this doesn't really work. Never mind, after a moment Siri asks permission to use my Twitter account and a simple yes gets you through without unlocking. SMH Apple.
posted on Apr 05, 2016, 12:48 AM 0
Posts: 1154; Member since: Feb 25, 2012
9.3 is working fine, I just hate the fact that Apple is becoming too known with so many update numbers. I mean, after 9.3 you still have to create more bugs to jump to 9.4, huh? Meanwhile Android is on 6.0.1 and they're doing fine with not many major problems.
posted on Apr 05, 2016, 1:43 AM 1
Posts: 102; Member since: Mar 29, 2016
The OS with most vulnerabilities.
posted on Apr 05, 2016, 3:26 AM 4
The OS with most vulnerabilities... that are patched!!! (fixed that for you). Versus Android that still has MOST vulnerabilities exposed due to inability to distribute latest updates....
posted on Apr 05, 2016, 4:03 AM 1
Posts: 5029; Member since: Mar 30, 2015
But many that don't get patched for years... Here are some examples: CVE-2011-2391, DoS, 2013-09-19: found, 2015-11-30: fixed, Complete. The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. Second example: CVE-2014-1266, 2014-02-22: found, 2015-07-10: fixed. The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. So as we said before, Apple is not better; they do look better because they do update after update, but the end result is you might have many more vulnerabilities on your iPhone than you think, and as you have a false sense of security (that you should NEVER have, no matter what OS and brand you use!) you leave yourself open.
posted on Apr 05, 2016, 11:55 AM 2
Once again, these are fixed, no one knew about them until this website's people analyzed Apple's update software to list it on their site. Apple saw it and patched it, then after that the website posted it. Just because Android has fewer patched holes does not mean that they patched them all - they just patched the ones they found - Apple is better at finding their own vulnerabilities than Android within its own software due to.. (dare I say the "F" word)... fragmentation.
posted on Apr 05, 2016, 5:07 PM 0