14 DAY TRIAL // iOS 8 suffers from a flaw where someone with physical access to a device can enable Siri on the lock screen even if the option has been switched off in the phone’s settings.
We’ve confirmed that the bug is indeed real, but it’s also very unlikely to be exploited to obtain someone’s private data, despite allowing access to the phone’s most intimate contents.
How to replicate the bug
It isn’t clear if Redditor quiteapairofsocks was the first to discover this flaw and report it to Apple, but as far as we’re concerned, he was the first person to make a post about it and spread the word.
He admits that “It isn't very threatening, because the phone needs to be unlocked first to perform the ‘hack,’ but it is something that could be exploited.”
It goes like this. You first need to go into your device’s Passcode settings and activate passcode lock. At this point several new options appear, including the ability to switch off Siri access from the lock screen. With these settings enabled, here’s how the bug can be exploited, so to speak. When in the Home screen, quickly press and release the Sleep/Wake button and then rapidly hit the Home button (before the screen goes completely dark but not too fast so you don’t take a screenshot).
“If performed correctly, the phone should go to sleep mode, and then activate Siri,” according to quiteapairofsocks.
Why is this happening?
We tested this and it works. It’s also pretty obvious what’s going on. The phone doesn’t go to sleep until the screen actually goes 100% dark. In the short time it takes to get there, Siri still thinks she’s allowed to assist, despite the phone already receiving instructions to go into sleep mode, and implicitly a locked state.
“I sent a bug report about this to Apple a few weeks back, but since it wasn't fixed in iOS 8.02, I decided to warn others of it,” the user writes.
No reason to panic
While the bug is there, it’s also one of the most impractical ones we’ve seen so far.
Basically you can’t do anything with it unless the user leaves the phone unlocked on a table somewhere, you get to it before it automatically locks itself, you accidentally hit the Sleep/Wake button, then suddenly remember about the bug, and in a split second hit the Home button to activate Siri. The scenario is improbable, if not almost impossible.
And yes, chances are Apple will address it in a software update. But we don’t expect the company to make this one a top priority.