From the safety of Apple’s ‘walled garden’ looking out, it may be easy to believe that your expensive iOS device is more secure from hackers when compared to all other devices and setting a passcode our using Touch ID on your iPhone tends to be the most common first line of defense to help prevent other people from accessing your personal details. Well, all that has now changed as a new critical security flaw discovered in Apple’s iOS 8 and newer mobile operating system, including the most recent iOS 10, allows anyone to bypass the iPhone’s passcode and gain access to personal information just by using the benevolent nature of Apple’s personal assistant Siri.
It’s hard to believe that with all the brilliant minds at Apple a mainstream Apple blogger was able to figure out how to bypass their lock screen and access certain parts of the phone like contacts and photos. It seems like a security glitch is in the latest version of iOS all the way down to iOS 8 whereby all an attacker needs is to find out the phone number of the target’s iPhone and physical access to the phone for a few minutes. What if you don’t have the phone number? No worries. If Siri is enabled for your lockscreen, all you need to do is hold down the home button of the iPhone you want to gain access to activate Siri and simply ask “Who am I?” Siri will reply with the phone number it is using. Once you got the phone number, there is about 7 steps you need to follow; like calling the phone using Facetime, along with turning on and off Voice over using Siri, taping on the screen in specific areas, and then you will find yourself in places you should not be: mainly the camera roll, contacts, and messages.
Is there anyway to protect against this flaw? iOS users can protect themselves by disabling Siri on the lock screen, though it will cripple your iOS 10 experience. To do so, Go to the Settings → Touch ID & Passcode and Disable Siri on the Lockscreen by toggling the switch to disable. Once disabled, you will only be able to use Siri after you have unlocked your iOS device using the passcode or your fingerprint. Apple is most likely aware of the flaw, so iPhone users can expect a fix in the next full version of iOS 10.2. sometime soon.