Siri bug gives access to iPhone 6s, 6s Plus contacts, photos

Some iPhone and iPad users swear by Siri, praising how the smart assistant has made their digital lives a tad more convenient. But such convenience comes at the price of granting Siri access to your device and app information. When left unchecked, this could lead to some troubling circumstances. Take, for example, this recently discovered flaw that would let unauthorized people access an iPhone's contacts and photos even from a locked screen. All because Siri might just be a tad too eager to help anyone who asks.

This particular exploit is a combination of a lock screen vulnerability and a flaw in Siri's behavior when running on a locked screen. It was publicized by Jose Rodriguez, a.k.a. videosdebarraquito on YouTube. He happens to be the same guy who revealed another lock screen vulnerability in September last year, causing Apple to roll out a patch promptly.

Last year's security flaw involved a rather convoluted process of entering numbers for the PIN code. This time, it's as simple as activating Siri with a long press of the home button, asking her to make a Twitter search, and hoping that the results include some contact data, such as an e-mail address. If they do, you will be able to use 3D Touch to bring up the option to add or modify the contact. This opens the iPhone's contact list and makes it possible to view Photos, depending on how the app is configured. Because 3D Touch is required in the process, the flaw is limited to the iPhone 6s and 6s Plus.

Actually, it's even more limited than that. While it doesn't require repeated entry of numbers, the vulnerability only exists under a specific set of circumstances. Specifically, the owner must have granted Siri access to Twitter, Contacts, and Photos. That, however, only happens when you've actually asked Siri to do the Twitter search at least once. Some have reported that the same flaw happens when searching for WhatsApp posts.

For now, the only way around this bug is to revoke Siri's access to Twitter and Photos until a fix is made available. That is, if that is truly a desired feature. There might only be a very small subset of users of that feature, but it's something worth checking nonetheless.

VIA: Apple Insider