New iPhone Vulnerability: Lock Screen Can Leak Your Contacts!
Think your data is safe when you lock your phone? Thanks to a newly discovered vulnerability with iOS 7.1.1 (the latest version), a hacker has the ability to bypass your lock screen and easily access your contact information.
This vulnerability was discovered by programmer Sherif Hashim. In this video Sherif shows how a hacker can use the personal assistant app Siri to bypass an iPhone's lock screen.
"Siri, Open Sesame"
It doesn't take a computer genius to perform this hack. Hashim points out that all he has to do is activate Siri from the lock screen by saying "contacts." At first, Siri declined his request, citing the need to unlock the phone. Not deterred, Hashim found a backdoor by commanding Siri to "Call" while still locked out of the phone. This call command acts as a magic word, giving the locked out user access to the phone's contact list via the "Other" menu whenever a request is made for a contact with a duplicate name.
This vulnerability actually affects all iPhone versions running Siri. To make matters worse, it reveals more than just phone numbers. This vulnerability can potentially give hackers access to any information on the phone's contact card, including physical and email addresses. The potential fallout from this sensitive information falling into the wrong hands can lead to some pretty grim scenarios where data loss is the least of your worries.
Take a Temporary Break from Siri
For now, the best way to safeguard yourself from this vulnerability is to disable Siri from the lock screen. You can do this through your Passcode options via the General settings. Sooner than later, Apple will release a security patch for Siri that will take care of this vulnerability and let you once again call upon Siri's soothing voice with confidence, but for now, you'll want to give your virtual personal assistant some much needed R&R.
Of course, the best way to protect yourself from this vulnerability is to not let your phone out of your sight. A hacker must first possess your iPhone before they can access your locked data via Siri. In this situation Siri may have let you down, but with Directive, you have another technology assistant that will always be on your side and never divulge any of your information to the wrong people. Contact us today at 607.433.2200 to learn about more mobile security measures that you can enact to protect your company's technology.