Skip to main content

Apple iPhone lock screen flaw surrenders access to all Contacts

Apple iPhone owners have a new lock screen bypass to combat after a security researcher discovered a flaw in the newest version of iOS.

Related: iOS 7 access to airplane mode from lock screen can prevent owner wiping stolen iPhone

It’s reported that the latest exploit, which is inside iOS 7.1.1, allows someone to reach the iPhone’s Contacts screen without unlocking the device and works across all iPhones that have the Siri personal assistant.

Sherif Hashim, a part-time security researcher and full-time neurosurgeon from Egypt, outlines the loophole in a YouTube video where he explains how Siri can be used to enter the device.

Hashim uses Siri’s “Call” command that asks who the user wants to call and after this it takes just a few more steps before being given access to the device’s entire Contact list that can be viewed and used for illicit means.

The bypass can’t be exploited remotely and it has to be done by someone that has physical access to the device and it pays to be vigilant when using a device and to not leave it unattended for long periods of time.

Graham Cluley, a security researcher himself, writes on the Intego security blog that iPhone owners can prevent the attack by going to Settings and then Passcode before scrolling down to the Allow Access When Locked section and turning off Siri.

Apple’s iPhone has been plagued by a number of lock screen exploits over the years that have usually meant that the company releases a new version of iOS that addresses the problem.

Related: Apple releases iOS 7.0.2 update to fix lock-screen security bug

That was the case when an updated version of iOS 7 was released to address an error that meant anyone with physical access to the handset could gain partial access to data by simply using the new Control Centre that was implemented with iOS 7.