Latest Post

Friday, May 9, 2014

New iPhone lock screen flaw gives hackers full access to contact list data

in News
iPhone users may be vulnerable to a lock-screen flaw that allows a hacker to access contact list details on the device.

According to the Egyptian part-time hacker who discovered the flaw and recorded the steps on YouTube, Sherif Hashim, the vulnerability only exists when running iOS 7.1.1, the latest version of the mobile platform, and when Siri is available from the lock-screen.

The flaw exists when Siri is triggered on the lock-screen, and a user says, "Contacts." Although Siri will refuse to dish out any details, not before bringing up the password screen, a user is able to access the contacts list by pulling up on the screen, editing the request, and asking for a duplicated name. If you have more than one "John," for instance, you have the option to view all contacts from the "Other..." menu.

However, the hacker attempting to gain access to the device must be in its physical presence in order to perform the trick.

ZDNet tested this in our Louisville, KY office, and was eventually able to reproduce the bug after numerous attempts. Although you can try different names one by one, you also have the option to access the full contacts list.

The flaw, which is believed to work on all iPhone versions running Siri, doesn't just gain access to phone numbers, but any information that is available from a contact card.

Users are advised to switch off Siri from the Passcode options in the General settings of the device.

ZDNet reached out to Apple for comment, but did not hear back at the time of writing.

Source : zdnet