Apple consistently works to keep iOS secure: it closes security holes quickly and sends out iOS updates to ensure iDevice owners remain protected.
So it was interesting for us to see a video of an iPhone on the latest firmware, iOS 10.2, being fooled into granting access to the Contacts app and Camera Roll while it was locked. The video shows how anyone can gain access to a locked iPhone without touching the passcode.
The video shows a locked iPhone with a passcode set, running iOS 10.1.1 / 10.2. The video maker then accesses images, email addresses, phone numbers, and likely physical addresses stored on the iPhone without entering a passphrase, PIN or anything else for authentication. That’s quite scary.
As in the past, the loophole in the new iOS version can be linked to Siri. The video shows that it begins with Siri being invoked to ask who owns the device, “who am I” to be specific. Next, the user can use any other smartphone to call the locked phone, and use the Message button to reply instead of answering the call.
From that point on, the adversary can compose a custom text reply, and that’s it. A fair bit of tapping is needed to achieve the results shown in the video, and though it looks impossible to launch apps this way, you don’t want anyone thumbing through the images on your phone.
See the embedded video and leave your opinion. There is a silver lining to this event: Apple is now aware of the issue, which works on iOS 10.1.1 and iOS 10.2, and is investigating it. We expect a new iOS patch to come out soon.
What do you think of this? Feel free to leave comments.