New iPhone lock screen exploit reveals contact information without passcode

A new exploit requiring precise timing in conjunction with physical access to a device that has Siri enabled on the lock screen has surfaced, giving attackers the ability to view contact information, including photos, and message logs.




First publicized by YouTube channel iDeviceHelp, the exploit requires attackers with access to the device to call the phone and start to send a message. After that, assailants instruct Siri to turn on VoiceOver.

For the next steps, timing is crucial. Attackers must double-tap the contact info bar, and hold the second tap on the bar, while immediately clicking on the keyboard, which may or may not be invoked in time for the exploit.





At this point, the attacker can type the first letter of a contact's name, and then tap the info button next to the contact to get information on the contact. The phone remains locked during the entire attack.

AppleInsider was able to repeat the steps necessary to invoke the attack on an iPhone SE, an iPhone 6 Plus, and an iPhone 6S Plus, but not on an iPhone 7 or 7 Plus, suspected to be because of slightly different keyboard invocation times. A different YouTube channel, EverythingApplePro, claims that the exploit works on any phone, going back to iOS 8.0.

The best way to prevent the attack is to disable Siri on the lock screen in the Touch ID & Passcode preferences, or to prevent physical access to the device. The testers have reported the flaw to Apple.
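
On managed devices, the same mitigation can be enforced and audited through a configuration profile's Restrictions payload. The following is an added example, not part of the original article: it parses an unsigned .mobileconfig and reports which lock-screen features remain enabled. The sample profiles and the com.example identifier are constructed, and it assumes multiple Restrictions payloads combine to the most restrictive value.

```python
import plistlib

# Restrictions-payload keys that govern what is reachable from the lock screen.
# A missing key means the iOS default applies, which is "allowed".
LOCK_SCREEN_KEYS = (
    "allowAssistantWhileLocked",        # Siri while locked (the vector in this article)
    "allowLockScreenControlCenter",
    "allowLockScreenNotificationsView",
    "allowLockScreenTodayView",
    "allowPassbookWhileLocked",
)
RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def lock_screen_exposure(profile_bytes):
    """Return the lock-screen features a profile leaves enabled, sorted."""
    profile = plistlib.loads(profile_bytes)
    effective = {key: True for key in LOCK_SCREEN_KEYS}  # start from iOS defaults
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in LOCK_SCREEN_KEYS:
            if key in payload:
                # Assumption: several payloads combine to the most restrictive value.
                effective[key] = effective[key] and bool(payload[key])
    return sorted(key for key, allowed in effective.items() if allowed)


def build_profile(restrictions):
    """Constructed sample: a minimal unsigned profile with one Restrictions payload."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.lockscreen",  # placeholder identifier
        "PayloadContent": [dict(restrictions, PayloadType=RESTRICTIONS_TYPE)],
    })


# Constructed inputs: one profile that only locks down Control Center,
# and one that disables every lock-screen feature listed above.
WEAK = build_profile({"allowLockScreenControlCenter": False})
HARDENED = build_profile({key: False for key in LOCK_SCREEN_KEYS})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "leaves enabled:", lock_screen_exposure(blob) or "nothing")
```

A profile signed by an MDM server is wrapped in CMS and has to be unwrapped before `plistlib` can read it.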

Comments

  • Reply 1 of 11
    boredumb Posts: 1,418 member
    So???  A well-known Apple expert has recently explained, in these Fora, that Apple users don't really care about privacy anyway...
    Right?

    /s
  • Reply 2 of 11
    Not again. Who has the time to even figure these stupid things out? Do you just sit around all day for hours and hours trying ridiculous combinations hoping you're going to come up with one that allows you access to something?
  • Reply 3 of 11
    foggyhill Posts: 4,767 member
    So, they already have physical access to your phone and now can steal your cat photos ;-).

  • Reply 4 of 11
    williamh Posts: 1,032 member
    Not again. Who has the time to even figure these stupid things out? Do you just sit around all day for hours and hours trying ridiculous combinations hoping you're going to come up with one that allows you access to something?
    Not my area of expertise, but I would guess that these things are discovered through fuzz testing or some other automated method.
  • Reply 5 of 11
    The more functionality that is available from the lock screen, the harder it is to ensure that there aren't any bugs that allow access to personal information. Apple has to make sure that each operation is aware of when the phone is locked vs. unlocked, and enforces appropriate limitations when locked. IMHO, the only things you should be able to do at the lock screen are 1) unlock the phone, and 2) call emergency services (911). I would also concede 3) take a photo/video, because sometimes you want to capture a moment that you might miss if you wasted time unlocking the phone. Adding more operations increases the chance of exploitable bugs.
    edited November 2016
  • Reply 6 of 11
    Turn Off Siri use from the lock screen. Fixed. ….next. …………..Mine is not fixed, because I always use Hey Siri, hands-free.
    edited November 2016
  • Reply 7 of 11
    linkman Posts: 1,035 member
    williamh said:
    Not again. Who has the time to even figure these stupid things out? Do you just sit around all day for hours and hours trying ridiculous combinations hoping you're going to come up with one that allows you access to something?
    Not my area of expertise, but I would guess that these things are discovered through fuzz testing or some other automated method.
    These types of exploits are not discovered through automated means. This one was by pure trial and error. Fuzz testing is mostly for specific vulnerabilities such as buffer overflows and boundary limits. You could automate some slightly more complex methods such as those requiring certain touch timing (using a fake "capacitive" finger(s) or an electrical connection to the touch screen sensor for example). 
  • Reply 8 of 11
    macgui Posts: 2,350 member
    Any exploit is a bad thing.

    But to use this one, someone has to know my name and phone number before successful execution of said exploit? (Physical possession is a given). This does limit the danger of this hack. I do keep Siri enabled on the lock screen, but turned off Control Panel. Siri stays.


    Doodpants said:
    IMHO, the only things you should be able to do at the lock screen are 1) unlock the phone, and 2) call emergency services (911). I would also concede 3) take a photo/video
    All doable, if the user chooses. The more operations that are added increase the chance that Apple or any manufacturer will not have done whatever arcane testing that reveals all possible exploits. The good thing is once discovered, most if not all of these can and probably will be fixed with software or firmware updates.


    Not again. Who has the time to even figure these stupid things out? Do you just sit around all day for hours and hours trying ridiculous combinations hoping you're going to come up with one that allows you access to something?
    I know, right?! Sometimes, a feature seems a likely target to exploit, but things like this would seem to be so random... I mean, do software engineers look at this and do a face palm saying 'Why didn't WE think of that??' or is the slider moved all the way from "D'oh" to "You have to admit it's a genius exploit!" in grudging admiration?

    At least this is easy if inconvenient to thwart if Apple doesn't fix it with an update.
  • Reply 9 of 11
    macgui said:
    Any exploit is a bad thing.

    But to use this one, someone has to know my name and phone number before successful execution of said exploit?

    ...

    At least this is easy if inconvenient to thwart if Apple doesn't fix it with an update.
    As per video you don't need the user's name and to get the phone number you ask Siri, 'Whose phone is this?'

    I hope Apple patch it soon because I like having Siri available from the lock screen.

    In the meantime, as you say, it's easy to thwart.
    edited November 2016
  • Reply 10 of 11
    One of the first things that a professional thief seems to do is "Call <reads number digit by digit>" and presumably ask who answers (perhaps in another country) what the CallerID is, which you can see because their associate then calls them back (outside of FaceTime).
  • Reply 11 of 11
    This is getting a bit embarrassing. Not what I consider secure, at all. At least users can mitigate by disabling Siri on lock screen. What's next Apple will release an update that disables the ability to turn Siri off. Yep probably. Follow their logic lately. Could always be worse I guess....at least our phones don't explode.