Siri well be your own and carry with you everywhere assistant, his intelligence and his personality does not fit in your iPhone, as you can also see when you suddenly have more access to the network. Summon Siri is connect to the Apple server.
This explains that the Cupertino company could update the security flaw that affected the virtual assistant without having to update iOS and only hours after the flaw was published … We mentioned yesterday (see below), this security problem indeed allowed to bypass the lock screen and access to your contacts and your photos by doing a simple search on Twitter for Siri on a locked iPhone.
Now when we try to search for Twitter since Siri while the iPhone is not active, it is necessary imperatively enter its code. If it loses fluidity of use, safety we win.
Also, Apple seems to have taken advantage of this update to fix a bug which also involved an interaction via Siri. The wizard allow you to activate the Night Shift mode while you were in power saving mode. Now, when you make this request to Siri, a message tells you that Siri will disable power saving mode if you agree …
First published Tuesday, April 5, 2016, at 11h56.
a flaw allows access to contacts and pictures of an iPhone without entering a code
If you own an iPhone 6s and 6s Plus, it is likely that you are exposed in a security breach that has just discovered Jose Rodriguez, as he proves in a video posted on YouTube. Do not panic, however, the scenario which leads to access to your contacts and images is very specific and requires certain prerequisites … However, with a 6s iPhone, iOS 9.3.1, we managed to reproduce this handling identical …
– Since the locked home screen of the iPhone, the attacker invokes Siri, through the Say function, Siri or pressing and holding the Home button.
– It must then ask the wizard voice to search on Twitter. The goal is to find an email address. Then simply ask Siri to find “@ gmail.com” or “@ yahoo.com”. Regardless of the field, as it is popular and gives a result.
– Once the proper updates found with a clickable email address, you must use the 3D Touch, exclusive for now the 6s and 6s Plus.
– From the context menu that appears, the attacker asks to add this email address to an existing contact
Therefore, it has access to all contacts from. iPhone, without being asked to enter the activation code. Better, the function to illustrate the contact card with a photo opens wide access to the library. The malicious attacker can therefore view all your photos with ease.
Jose Rodriguez, who has already made about him last September for a similar finding, also specified in Apple Insider that this flaw works with a search in the list of WhatsApp friends.
to protect against this vulnerability, pending a fix from Apple, better prevent Siri access Twitter from Settings / Twitter. The most extreme solution would obviously turn off Siri altogether …
Source:
Apple Insider
No comments:
Post a Comment