Ways to bypass the iOS lock screen using Siri
Siri (a backronym for Speech Interpretation and Recognition Interface) is a personal assistant and question-answering system developed for iOS. The application uses natural-language processing to answer questions and make recommendations. Siri adapts to each user individually, learning their preferences over time.
Initially, Siri was available in the App Store as an iOS application from Siri Inc. Soon afterwards, on April 28, 2010, Siri Inc. was acquired by Apple Inc. Before the acquisition, it had been announced that the software would also be available for BlackBerry and Android phones, but those plans were canceled because of the purchase. Siri is now an integral part of iOS and is available on most of the company's devices: iPhone (4S and newer), iPad (third generation and newer, as well as all devices in the iPad mini line), iPod touch 5g and Apple Watch. Despite this, hackers were able to adapt Siri to older device models. On November 8, 2011, Apple publicly stated that it had no plans to integrate Siri into older products because they lack a chip for filtering background noise.
A new way to bypass the lock screen once again proves right the experts who recommend disabling Siri on the lock screen in order to avoid such problems. The problem was discovered by the bloggers EverythingApplePro and iDeviceHelps. The bug is present on iPhones and iPads running iOS 8 and newer, including the latest iOS 10. As usual, a successful attack requires physical access to the phone and Siri enabled on the lock screen.
1. First, the attacker needs to find out the victim's phone number, and Siri itself is enough for this: the attacker asks the question "Who am I?". Then, knowing the victim's number, the attacker must call it or initiate a FaceTime call. It does not matter whether the smartphone is locked with a password or with Touch ID: when the call comes in, it can be answered. At this point, the attacker needs to tap the "Messages" icon and select a custom message, supposedly in order to reply via SMS. Although the screen lock is still active, a window for typing a new message appears.
2. Now the attacker again needs help from Siri: the assistant must be told to activate the VoiceOver function. This is a gesture-controlled voice interface feature, and the attack does not work without it.
3. Returning to the message composition screen, the attacker needs some "sleight of hand": double-tap the field for the recipient's name while at the same time pressing any character on the keyboard. This may take several tries, but if everything goes well, the attacker will be able to type something arbitrary in the "To" field, although the message was originally intended specifically for whoever had just called the device.
4. Since the attacker has "unlocked" the "To" field, they have access to the victim's entire address book. At this stage VoiceOver can be disabled, as it is no longer needed and is rather annoying.
5. In the victim's contact list, find an entry with the "i" icon, tap it, and then go to create a new contact.
6. In addition to accessing all contacts and the victim's photos, the attacker can also select any contact from the list and see all the conversations the device owner previously had with that user.
Demonstration of the attack by EverythingApplePro and iDeviceHelps:
The lock screen on the iPhone 6S and 6S Plus can be bypassed even if they are running the latest iOS 9.3.1. The protection can be defeated with the help of Siri, which gives the attacker access to the victim's contact list and photos.
Now Rodriguez has discovered that a lock screen bypass is still possible and can be carried out on the iPhone 6S and 6S Plus, which support 3D Touch. The problem affects all devices running iOS 9.2 or higher, including iOS 9.3.1, which was released last week. The researcher has published a proof-of-concept video, which can be seen below. The procedure for exploiting the bug has changed a little; here is what it takes to trick the iOS protection:
1. Lock the device.
2. Call Siri and say "Search Twitter".
3. Siri asks what to look for; answer "at-sign Gmail dot com" ("@gmail.com") or name any other popular email domain. The idea is to find tweets containing email addresses.
4. Having received the results, tap any tweet with an email address.
5. Use 3D Touch on the email address to open the context menu.
6. Select "Create New Contact".
7. Now you can add an image, that is, view all the images stored on the device.
If you use the "Add to Existing Contact" option, you can also view the entire contact list of the victim.
The researcher points out that the bug has not yet been fixed, which means that anyone who has physical access to the smartphone can access personal data.
A vulnerability has been discovered in iOS 9 that, given physical access to the device, makes it possible to bypass the operating system's protection and gain access to someone else's contacts and photos in literally 30 seconds.
Any device running iOS 9 (iPhone, iPad or iPod touch) is vulnerable to this bug, even one protected with Touch ID. What helps an intruder bypass the device's password is ... the personal assistant Siri.
1. "Wake up" the device and type the password incorrectly 4 times.
2. During the fifth attempt to enter a password, enter 3 or 5 characters (depending on how long the password is). Instead of entering the last character, press and hold the "Home" button to call Siri. At the same time, enter the last character of the password.
3. If everything is done correctly, Siri will appear. Ask the assistant what time it is.
4. Tap the Clock icon to open the Clock application and choose to add a new clock. In the "Choose a City" field, type any random text.
5. Double-tap the typed word to bring up the copy and paste menu, choose "Select All", and then tap "Share".
6. In the options, tap "Message" and again type something on the keyboard, then tap "Return" and double-tap the contact name at the top.
7. Choose Create New Contact, tap Add Photo, and then Choose Photo.
8. Now you can see the device's entire image library, even though the device is still locked with a password.
The video demonstrates the described method in action:
Apple has not yet fixed this bug, but you can protect yourself. Users are once again advised to turn off the Siri assistant when the phone is locked. You can do this in Settings (Settings > Touch ID & Passcode). There is no official fix for the vulnerability yet.
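For managed devices, the same mitigation can be verified in a configuration profile. The following is an added example, not part of the original article: it parses an unsigned profile and reports whether Siri remains reachable from the lock screen. `allowAssistantWhileLocked` is the key from the Restrictions payload of Apple's configuration profile format; the sample profiles and their identifiers are constructed for the demonstration.

```python
import plistlib

# Restrictions payload type and key from Apple's configuration profile format.
RESTRICTIONS_TYPE = "com.apple.applicationaccess"
SIRI_LOCKED_KEY = "allowAssistantWhileLocked"


def siri_allowed_on_lock_screen(profile_bytes):
    """Return True if the profile leaves Siri reachable from the lock screen.

    The key defaults to true when absent, so only an explicit False in a
    Restrictions payload counts as hardened.
    """
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        if payload.get(SIRI_LOCKED_KEY) is False:
            return False
    return True


def make_profile(restrictions):
    """Build a constructed, unsigned sample profile for the demo."""
    payload = {"PayloadType": RESTRICTIONS_TYPE,
               "PayloadIdentifier": "example.restrictions",  # constructed
               "PayloadUUID": "00000000-0000-0000-0000-000000000001",
               "PayloadVersion": 1}
    payload.update(restrictions)
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadIdentifier": "example.profile",  # constructed
                           "PayloadUUID": "00000000-0000-0000-0000-000000000002",
                           "PayloadVersion": 1,
                           "PayloadContent": [payload]})


# Constructed samples: one relies on the default, one sets the restriction.
WEAK = make_profile({"allowAssistant": True})  # lock-screen key absent
HARDENED = make_profile({SIRI_LOCKED_KEY: False})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        state = "EXPOSED" if siri_allowed_on_lock_screen(blob) else "ok"
        print(f"{name}: Siri on lock screen -> {state}")
```

A profile that omits the key is reported as exposed, because the restriction only takes effect when it is set to false explicitly.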