Feature Article

Free eNews Subscription>>
October 02, 2013

Apple's iOS7 Dealing with Major Security Bugs for Siri

Apple's new iPhone has major lockscreen vulnerabilities connected to its Siri voice control system. Siri grants full access to the phone application.

The vulnerabilities were discovered by an Israeli security researcher Dany Lisiansky. The hack involves the use of Apple's voice-controlled digital assistant Siri on an iPhone's lockscreen. The Siri voice control system can be used to initiate a FaceTime call. This allows hackers to invoke a security glitch in the iOS 7 software to access the phone app.

Lisiansky says that to accomplish the hack you must have two phones. One phone is to be hacked and the other phone is used to initiate a call over the FaceTime system. Next a series of actions on the first phone to the phone app. are completed. A hacker can then see a user's call history, contacts, and initiate “answer phone calls.” The hacker is now able to make calls and send out e-mails by initiating the "send contact" message and then altering it.

Graham Cluley, an independent expert on IT security states, "This isn't quite as serious as some of the other iPhone security flaws that have been exposed in the past, because it doesn't grant access to other apps apart from the phone app."

There is one way that iPhone users can protect themselves, and that is by deactivating Siri access on the lockscreen. They can do so in the app settings menu under the passcode lockscreen option.

Issues with Siri's security were first questioned right after the original launch in October of 2011. The questions were raised because, when active from the lockscreen, it allows actions such as accessing calendars and sending e-mails even while the iPhone is locked.

Cluley says, "It just seems crazy that locking your phone doesn't entirely lock it down. A feature that enables access to any function of the phone while locked should not be enabled by default. It shows Apple's focus is on features rather than security," Cluley said.

Almost every major iOS had security flaws that were discovered by hackers. There were even issues with the initial release of iOS 7 because it allowed access to private data that included photos, email, Twitter and Flicker accounts.

"It's like Apple's playing security flaw whack-a-mole right now. A phone's operating software is very complex, involving many millions of lines of code, but it's because Apple's iOS garners much more attention than other platforms that these flaws are found. Hackers everywhere are having fun and gaining kudos for finding these flaws – Apple should be hiring these guys to test its software," Cluley concluded.




Edited by Alisen Downey


FOLLOW MobilityTechzone

Subscribe to MobilityTechzone eNews

MobilityTechzone eNews delivers the latest news impacting technology in the Wireless industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter