Siri search bug allows others to get into your Contacts and Photos without knowing the passcode

A flaw has been discovered on the iPhone's virtual voice-activated personal assistant Siri. With this bug, someone in possession of your iPhone could get into your Contacts or your Photos without having to punch in a passcode. The bug affects Apple iPhone 6s and Apple iPhone 6s Plus models that are set up to allow Siri to search their Twitter account and Photos app.

To see the flaw in action, open Siri and ask Siri to do a Twitter search. If the search results contain data found in contacts, like an email address, use 3D Touch to click on "Add to Existing Contact." Not only does that bring up the Contacts list, that list can also be used to access the Photos on your phone.

You can prevent this from happening to you by disabling Siri's Twitter and Photos integration. All you need to do is go to Settings > Twitter and turn off Siri. Once that is done, go to Settings > Privacy > Photos and again, disable Siri.

We should point out that the first time you use Siri to search Twitter, you will have to verify that you own the phone via a correct passcode entry, or by using Touch ID. Once that has been completed, those knowing about the bug will be able to break into Contacts and Photos using the flaw as seen in the video below.



source: videosdebarraquito via AppleInsider