Someone with physical access to the handset can access and call contacts

May 5, 2014 12:09 GMT

Apparently Apple can’t shake off passcode lock vulnerabilities no matter how hard it tries. Another such bug has been discovered in the latest iOS firmware, one that leverages Siri to bypass the four-digit passcode lock and access contacts on the phone.

As demoed in the 2-minute clip embedded below, someone with physical access to a handset running iOS 7.1.1 can perform a few tricks to enable Siri at just the right moment and summon the phone’s list of contacts with ease.

The risks are pretty big, considering that a person’s contacts list is one of the most personal forms of data residing on a mobile phone.

Apple will need to patch this bug in a future iOS update, perhaps in iOS 7.1.2. While they’re at it, we’d also suggest they take a look at the code responsible for crippling our battery life.

The best thing you can do to avoid having someone exploit this issue on your phone is to disable the option to have Siri accessible from the lock screen.

Another security issue in iOS 7.1.1 deals with email attachments. Discovered by security researcher Andreas Kurtz, the issue at heart is that Mail.app lacks a layer of protection for email message attachments, one that Apple claims to offer.

The Cupertino giant has yet to confirm progress on upcoming iOS updates, but it is known to be working hard on the next-generation iOS 8.

This is not the first time Apple has had to deal with a passcode lock flaw. Far from it, actually. With almost every new iOS release, hackers and amateurs alike have found ways to trick the phone into thinking that the user has entered the passcode and gain access to its contents.

In some cases, the security of the OS has been so weak that people were able to access photos, emails, and even text messages.

And although Apple prides itself on taking security matters very seriously, the company has always been slow to address such vulnerabilities both on mobile and on desktop platforms.

For example, the aforementioned Mail.app flaw was reported to the Mac maker about a month ago, and the company has yet to issue a patch.

Similarly, on iOS, whenever someone finds and reports a security hole, Apple takes its time in developing a patch. Although it is understandable that it takes time to get things right, working up an update for a couple of bugs shouldn’t be such an ordeal.