2014/05/07

iOS Vulnerability Enables to Bypass the Lock Screen Password to Access Contacts

iOS 7.1.1 is existing loophole that allows anyone to easily bypass the lock screen password to access the address book, and makes phone call or SMS directly.
According to users of iPhone, currently iOS 7.1.1 unlock password can bypass access to contacts in the lock screen cases directly. The method is very simple: through the voice assistant Siri.

Users can directly exhaled Siri, to "call Green (any last name)" or "Call G (any English initials)" to bring up all Greens while after clicking the "other" is visiting to all contacts without knowing the lock screen password.

In fact, Siri has been made ​​for permission to restrict contacts. For example, if you want to go to contacts through Siri, you are required to enter a password to unlock. However, the method of vulnerability mentioned that is guiding surnames directly. And surnames retrieve all user-related, so users come into the main contacts more by clicking.

With this loophole, anyone can view, call all staff contacts of phone lock screen easily. Also, anyone can set up a similar approach to send text messages or e-mail to everyone.


For current situation, the user can turn off Siri voice for a short time until the bug fixes.

No comments:

Post a Comment