iOS 5 – Siri Authentication Bypass

Unauthenticated users of the new iPhone 4S can perform actions without entering the lock code by using the new Siri function.

The bypass is performed by holding the Home button for two seconds and speaking a command. All of Siri’s functions (making a call, sending a text, making a calendar appointment, etc.) are available, even when the iPhone is locked with a passcode.

Typically, people assume that once they set a passcode lock on their iPhone, they can leave the phone unattended (e.g. in offices, homes, in a girlfriend's car, etc.) and expect it not to be tampered with, because they are the only ones with the unlock code. With Siri enabled, the unlock code is useless, as any individual can use Siri commands even when the phone is locked.

A terrifying example would be the following. A girl goes to dinner with her friend's ex-boyfriend. They are still friends, but the guy is a little crazy over his ex, and his ex-girlfriend wants nothing to do with him. During dinner, the friend leaves her *locked* iPhone 4S on the table while she goes to the bathroom. The crazy ex-bf takes her phone, sees the lock screen, and proceeds to hold the Home button down for two seconds, summoning Siri. He asks ‘Where is [name of girlfriend]’. Siri willingly pulls up her location from the ‘find friends’ app, showing her exact location, which, to add drama, is the guy's best friend's house. I’ll leave the rest of the story to the imagination.

–Triskt

*update* 10/18/11 03:16:00 AM
Wow, it seems like I’m late to the iPhone party. Please see the Macworld article…
http://www.macworld.com/article/163055/2011/10/how_to_prevent_siri_access_while_your_iphone_4s_is_locked.html

And a relevant discussion on Reddit…
http://www.reddit.com/r/netsec/comments/lg19g/ios_5_siri_authentication_bypass/
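
For phones managed through a configuration profile, the exposure described in this post can be checked for in the profile itself. The script below is an added example, not part of the original post: it assumes the profile uses Apple's Restrictions payload (`com.apple.applicationaccess`) with the `allowAssistant` and `allowAssistantWhileLocked` keys, and the sample profiles are constructed.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Restrictions payload type


def siri_lock_findings(profile_bytes):
    """List Restrictions payloads that leave Siri usable on the lock screen."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == RESTRICTIONS]
    if not payloads:
        return ["no Restrictions payload: Siri lock-screen access is left to the user's setting"]
    findings = []
    for p in payloads:
        name = p.get("PayloadIdentifier", "<unnamed>")
        if p.get("allowAssistant", True) is False:
            continue  # Siri disabled entirely, nothing to reach from the lock screen
        # An absent key means the default, which allows Siri while locked.
        if p.get("allowAssistantWhileLocked", True) is not False:
            findings.append(f"{name}: Siri allowed while locked")
    return findings


def make_profile(restrictions):
    """Build a constructed sample profile holding one Restrictions payload."""
    payload = {
        "PayloadType": RESTRICTIONS,
        "PayloadIdentifier": "example.restrictions",  # constructed identifier
        "PayloadVersion": 1,
        **restrictions,
    }
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    })


# Constructed samples: one profile that never mentions Siri, one that locks it down.
WEAK = make_profile({"allowCamera": False})
HARDENED = make_profile({"allowAssistantWhileLocked": False})

if __name__ == "__main__":
    for label, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, siri_lock_findings(blob) or "ok")
```

A profile that simply omits the key is reported the same way as one that sets it to true, since the passcode alone does not restrict Siri.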
