iPhones vulnerable to yet another lockscreen bypass

iPhone aficionados at iDeviceHelp and EverythingApplePro have discovered yet another way for someone who has physical access to your phone to access your messages, photos, and contacts, even if the phone is locked with both a passcode and properly configured Touch ID.

EverythingApplePro and iDeviceHelp published full proof-of-concept videos of this bypass on YouTube, in case you’d like to follow along at home.

The demonstration shows the bypass on an iPhone 7 running iOS 10.2 beta 3, on an iPhone 4 running iOS 8, and even on an iPad, showing that this flaw affects any iDevice that can receive FaceTime or phone calls.

This is not the first time (by a long shot) that clever iPhone users have found lock screen bypasses to access information that should be locked down, including photos, messages, and contacts. In fact, we’ve been covering flaws like this since at least 2013.

Anyone attempting this bypass needs physical access to your phone. They can’t grab your stuff remotely, but if your phone has been stolen or left unattended, this bypass is fairly straightforward.

The hack uses Siri to activate the VoiceOver feature on the target phone while the phone is still locked. Once the target phone receives a call (via FaceTime or phone) and the call is declined with a message, the VoiceOver feature can be hijacked to cause unintended behavior in the messaging screen, which then allows access to the phone’s contacts, photos, and messages.

Thankfully, as with pretty much all of the iOS lockscreen bypasses we’ve covered, there is a really simple way to prevent this from happening: disable Siri access on the lockscreen.

If you can’t use Siri to enable VoiceOver from the lockscreen, this hack (and many others) will not work.

To disable Siri access from the lockscreen:

  • Unlock your phone
  • Go to the Settings app
  • Tap “General”
  • Tap “Siri”
  • Tap and disable “Access on Lock Screen”
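
On managed devices the same setting can be enforced with a configuration profile rather than by hand. The Python check below is an added example, not part of the original article: it reads an unsigned profile and reports whether the Restrictions payload keys `allowAssistant` and `allowAssistantWhileLocked` keep Siri off the lock screen. The sample profile, its identifier and the function name are constructed for illustration.

```python
import plistlib

# Constructed sample profile (unsigned XML), not taken from a real deployment.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.lockscreen</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowAssistant</key><true/>
      <key>allowAssistantWhileLocked</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""

# Payload type of the iOS Restrictions payload.
RESTRICTIONS = "com.apple.applicationaccess"


def siri_on_lock_screen(profile_bytes):
    """Return 'blocked', 'allowed' or 'not-set' for a configuration profile.

    'not-set' means the profile does not manage the setting, so the
    user's own choice in Settings applies.
    """
    profile = plistlib.loads(profile_bytes)
    verdict = "not-set"
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS:
            continue
        # Disabling Siri entirely also removes it from the lock screen.
        if payload.get("allowAssistant") is False:
            return "blocked"
        locked = payload.get("allowAssistantWhileLocked")
        if locked is False:
            return "blocked"  # the most restrictive payload wins
        if locked is True:
            verdict = "allowed"
    return verdict
```
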

Are you concerned about iPhone hacks like this, or are they overblown? Will you be disabling Siri from your lockscreen, or have you done so already?


Image courtesy of Shutterstock.

from SophosLabs blog http://ift.tt/2gn0WPL
