Siri security flaw allows access to photos and contacts without password on iPhone 6s / Plus

As we always say, the perfect operating system does not exist. A security flaw has been discovered affecting the latest iPhone models, the iPhone 6s and iPhone 6s Plus. The problem, discovered by Jose Rodriguez, only affects some devices and allows access to our contacts and photos without having to enter our passcode or use our fingerprint. The good news is that we can avoid this problem. The bad news is that, as always, avoiding it means a reduced user experience.

The flaw can be exploited by invoking Siri, either by long-pressing the Home button or by using the "Hey Siri" command, and asking it to do a search on Twitter. If the results contain contact information that we can interact with, such as an email address, a 3D Touch gesture can be used to launch a context menu with options to send an email and add or modify contact information. From the 3D Touch shortcuts, tapping "Add to existing contact" opens our contact list, which can allow access to photos if configured.

For this flaw to be exploited, we have to have allowed Siri to access our Twitter account, Camera Roll, or related apps, which lets it search and show results via Siri. As you can see in the video, for it to work a preliminary step is also needed: writing a tweet that contains an email address (it can be fake, even on a server that does not exist, such as test@hola.es) so that the 3D Touch gesture can be used.

How to fix the new Siri bug

As the saying goes, "dead dog, no more rabies." The idea does not appeal to me and in fact I am not going to do it, but if we restrict Siri from the lock screen we will not suffer this or many of the other problems that have appeared, most of which allow a bypass using Siri. But there are also other solutions:

  • Disable Siri's access to Twitter. We can do this from Settings / Twitter by turning off Siri.
  • Turn off Siri's access to photos from Settings / Privacy / Photos by restricting access.

Normally, and this is what usually happens, as soon as you ask Siri to do this type of search it answers "First you have to unlock the iPhone" and goes no further unless we identify ourselves. But sometimes this security measure fails and our data is exposed. Now we have to decide whether to enjoy all the functions of the iPhone 6s or reduce our experience when using it. In any case, this flaw will most likely be fixed in a future update.



  1.   Rafael Pazos said

    Hey, has it happened to you that WhatsApp tells you in the chats:

    «The chats and the calls have end-to-end encryption»? Has it happened to anyone else? Or is it a joke on the part of WhatsApp ...

    1.    Paul Aparicio said

      Hello Rafael. It is not a joke. They have published it today and I will echo it in a few minutes 😉

      That means that until now they only encrypted messages, but from today they will also encrypt calls, videos and everything. The theory says that only you and your contact can access what you share via WhatsApp.

      A greeting.

  2.   Cristobal said

    I already tried it as in the video, and when I asked it to search on Twitter it first tells me to unlock the device. I have an iPhone 6s Plus with iOS 9.3.1.

  3.   tony said

    This problem has been around for a long time

  4.   Pepito. said

    Ideally, do not allow Siri to activate on the locked terminal.

    1.    cocacolo said

      +1

  5.   lizz11 said

    It is not a security flaw; it is as easy as not giving Twitter access to Siri, period. Always misinformed.

  6.   Carlos said

    SENSATIONAL ARTICLE!

  7.   Webservice said

    Lizz11 is a yes or yes, Apple has solved it from the Siri server, being a Fanboy is not good for your health.