This iPhone Exploit Gives Attackers Access To Contacts Via The Lock Screen
If you value privacy on your iPhone, you might want to take heed of a new exploit that's been revealed. It appears a new issue with iOS devices' Siri access can give attackers the ability to get into your contacts and view those as well as photos and messages you've sent to said contacts without having to enter a passcode.
Essentialy, as revealed by YouTube channel iDeviceHelp by way of AppleInsider, attackers have to call the phone in question and then attempt to send a message. They must then ask Siri to turn on voice over, then, with a quick series of button preses must double-tap the contact info bar, hold the second tap on the bar, and immediately cick on a keyboard. When this is done, all the attacker need do is type the first letter of the contact's name and choose the info button next to the contact to rettain the information. All of this occurs while the phone remains locked.
AppleInsider tried these steps, as have a number of other sites, and it did work on an iPhone SE, iPhone 6 Plus, and iPhone 6S Plus. Both iPhone 7 and iPhone 7 Plus appeared to be safe, but a YouTube channel called EverythingApplePro states that the exploit will work on any phone dating all the way back to iOS 8.0.
To keep this from happening, regardless which phone model you have, disable Siri while your phone is locked or just keep people from getting onto your phone if at all possible -- which that certainly wouldn't help much if you lost it, now would it? Those who uncovered the flaw have reported it to Apple, so hopefully a fix will be available in the coming days.