If you own an iPhone 6s and 6s Plus, it is likely that you are exposed to a security breach that has just discovered Jose Rodriguez, as he proves in a video posted on YouTube. Do not panic, however, the scenario which leads to access to your contacts and images is very specific and requires certain prerequisites … However, with a 6s iPhone, iOS 9.3.1, we managed to reproduce this handling identical …
– Since the locked home screen of the iPhone, the attacker invokes Siri, through the Say function, Siri or pressing and holding the Home button.
– It must then ask the wizard voice to search on Twitter. The goal is to find an email address. Then simply ask Siri to find “@ gmail.com” or “@ yahoo.com”. Regardless of the field, as it is popular and gives a result.
– Once the proper updates found with a clickable email address, you must use the 3D Touch, exclusive for now the 6s and 6s Plus.
– From the context menu that appears, the attacker asks to add this email address to an existing contact
Therefore, it has access to all contacts from. iPhone, without being asked to enter the activation code. Better, the function to illustrate the contact card with a photo opens wide access to the library. The malicious attacker can therefore view all your photos with ease.
Jose Rodriguez, who has already made about him last September for a similar finding, also specified in Apple Insider that this flaw works with a search in the list of WhatsApp friends.
to protect against this vulnerability, pending a fix from Apple, better prevent Siri access Twitter from Settings / Twitter. The most extreme solution would obviously turn off Siri altogether …
Source:
Apple Insider
No comments:
Post a Comment