iOS 7 has brought some cool new features to Apple’s mobile operating system, but it has also introduced its fair share of embarrassing and unwelcome security holes.
Some of the more high profile flaws have involved methods to bypass the iPhone’s lock screen. Astonishingly, the first of these appeared just one day after the initial release of iOS 7, and there have too many others since.
Now, it appears that an iPhone lock screen flaw has been found in iOS 7.1.1, the latest version of the operating system, which can allow someone to reach the Contacts of an iPhone without unlocking the device.
Sherif Hashim, who describes himself as an Egyptian neurosurgeon and part-time security researcher, discovered the security loophole and created a video demonstrating how it could be exploited.
In his video, Hashim initially tries (and fails) to access the targeted iPhone’s contact list by giving Siri a command while the device is locked.
However, when he simply gives Siri a “Call” command instead, and Siri asks who he would like to call, it is just a couple of simple steps to gain access to the phone’s Contact list, where phone numbers can be stolen and even unauthorised calls made.
Of course, being an iPhone lock screen bypass it does require an unauthorised party to have physical access to your iPhone. This isn’t a security hole that can be exploited remotely.
But many people are in the habit of leaving their phones lying around, perhaps in the office, college or at home, without proper consideration that someone might attempt, while backs are turned, to meddle with it with either mischief or malice in mind.
It turns out that anyone concerned about this latest lock screen bypass can prevent it from happening on their iPhone easily enough.
Simply do the following to protect your iPhone from this type of attack:
- Navigate to Settings > Passcode. (You should have to re-enter your passcode at this point. You *do* have a passcode, don’t you?)
- Under the Allow Access When Locked section, tap the Siri On/Off slider to turn it off.
- Now no-one, including you, can access Siri while your phone is locked.
Of course, this solution isn’t going to be satisfactory for everyone. There are plenty of people who probably *want* to be able to give commands to Siri while their device is locked.
For instance, perhaps they are making calls while driving, or have a sleeping baby in their arms, which makes it tricky for them to enter a passcode.
I accept, that could be a nuisance, but isn’t it time that Apple understood that when a phone is “locked,” users expect it to be really, properly *locked*?
We’ll have to wait and see if Apple will include a fix for this latest lock screen bypass in a future version of iOS. In the meantime, if you’re worried, disable Siri on the lock screen as described above. And let’s hope that Apple also puts a little more effort into testing this particular part of its software, so it doesn’t suffer from any more similar security flaws in future.