A new iPhone exploit could allow “hackers” with physical access to your device to view personal data without inputting a passcode, according to a new report.
The exploit was first brought to public attention by a series of YouTube videos detailing the process. It primarily affects phones with Siri enabled on the lock screen. Thankfully, it’s a bit of a complicated trick, and requires very precise timing. But if pulled off successfully, it could allow assailants to bypass the lock screen and access your phone’s contact information, message logs, and even photos, according to PhoneArena.
The process involves calling the phone that an attacker wants to gain access to. From the incoming call screen, the attacker taps the “Message” button, and chooses the “Custom” option. This, of course, pulls up a reply screen in Messages. After that, Voice Over needs to be enabled by asking Siri to turn the feature on. Then, an assailant needs to double-tap the recipient field at the exact same time as tapping on a random key.
From here, an attacker can view all of your contact information. Additionally, by creating a new contact from here, attackers could view your camera roll by way of the option to add a contact picture, Gizmodo reported.
Although the YouTube channels have reported that the exploit works on any phone running iOS 8 or later, quite a few news sites have tested it — with mixed results. AppleInsider was able to gain access to an iPhone SE, an iPhone 6 Plus, and an iPhone 6s Plus. Gizmodo writers were only able to break into an iPhone 6. Neither site was able to use the exploit on an iPhone 7 or iPhone 7 Plus — possibly due to the slightly different keyboard pop-up timing on the new devices, AppleInsider reported.
This isn’t the first lockscreen-bypassing exploit to have surfaced, however. And there’s arguably no need to panic about this one. The exploit requires prolonged physical access to your phone, and although some of your data can be viewable, attackers can’t really do much of anything else.
One of the YouTube channels that detailed the hack, iDeviceHelp, said that it has submitted the exploit to Apple — so it’s likely that the glitch will be fixed in an upcoming update. But if you’re really paranoid about the exploit, however, you can easily foil it by simply disabling Siri on the lock screen by following these three, easy steps.
- Open Settings.
- Scroll down, and tap on Siri.
- Make sure Access on Lock Screen is disabled.