New Siri Exploit Lets Anyone Call, Text or Email Your Contacts

Siri

The iPhone lockscreen has never been completely secure. Past exploits allowed random people to access your photos or to make calls with a few choreographed swipes. The latest, however, can grant access to your full contact list through Siri and let a stranger call, text, or email anyone they want from your number. Discovered by Egyptian neurosurgeon and part-time hacker Sherif Hashim, this vulnerability affects any iPhone running iOS 7.1.1 that has Siri enabled on the Lock Screen, which is the default setting. To skirt around the lockscreen, all you have to do is pull up Siri and give her a simple verb like “Call,” “Text,” or “Email.” Siri will ask you whom you want to contact, and you can manually type in a single letter. That will prompt Siri to ask you to clarify and will also give you an “Other…” option that will open up the iPhone user’s entire contact list. You’re simply tricking Siri into doing what you want.

Read the full story at Gizmodo.

Author: