Wednesday 6 April 2016

Apple Fixes iPhone Flaw That Allowed Siri Twitter Search To Access To Photos, Contacts

No one likes a snoop. That’s why Apple says it has fixed a security flaw in the iOS operating system that allowed the Siri virtual assistant to search Twitter on locked iPhones, leading to the unauthorized access of photos and contacts.

The flaw, which was first highlighted in a YouTube video, made it possible to access an iPhone 6S or 6S Plus user’s contacts and photos from the lock screen by using the device’s 3D Touch feature.

The hack worked by asking Siri — from a locked screen — to search Twitter for any result with an email address. From there, the user could tap the email link using “force touch” and select “create new contact” or “add to contact.” This takes the user to the phone’s address book, where they could gain access to the other contacts and the photo library.

While the issue only applied to devices in which users have integrated Siri with Twitter and photos, the bug proved it was possible to bypass iPhone’s security and open the door to the hacks.

Apple tells the Washington Post that it fixed the issue on Tuesday, preventing Siri from being allowed to search Twitter from the locked screen under any circumstance.

Users must enter their passcode or scan their finger before Siri will be able to perform the search.

The issue was corrected through Apple’s server, so there’s no need for iPhone users to install an iOS update.

Apple has fixed a bug that let anyone look at your photos and contacts by using Siri [The Washington Post]


by Ashlee Kieler via Consumerist

No comments:

Post a Comment