Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS lock screen security flaw

X-X said:
On a locked iPhone/iPad everyone can (via Siri) look up contacts post stuff to Facebook and more.

Without fingerprint, without passcode, on a locked iDevice.

WHY IS THIS STILL NOT FIXED?
Click to expand...

If you don't want that, just disable Siri for the lock screen. Fixed.
 
Also how does "everyone" get a list of Contacts/info to show without knowing the contacts name?

EDIT: I have tried several queries and I can't get contact info to show without knowing the contact info.
 
Last edited:
It's always funny how some people complain about the fact that Apple doesn't give us freedom/choices...but when they do there is always someone who is talking about security issues or similiar.


You can disable siri in the lockscren by going to Settings => code => enable use when device is locked => siri => 0
 
I expected that comment ps3zocker, thank you. /s

Problem is 99% of users don't realize that this is possible by default.
 
Disable Siri on lock screen. Problem solved.
X-X said:
I expected that comment ps3zocker, thank you. /s

Problem is 99% of users don't realize that this is possible by default.
Click to expand...

That's not the crux of your OP. You intimated that it wasn't fixable. It is. Whether most people find it a problem and don't know how to change it is a different issue.
 
Ntombi said:
Disable Siri on lock screen. Problem solved.





That's not the crux of your OP. You intimated that it wasn't fixable. It is. Whether most people find it a problem and don't know how to change it is a different issue.
Click to expand...


I agree. He backpedals.
 
X-X said:
Here's a video

http://www.youtube.com/watch?feature=player_detailpage&v=NTA8k4tyY78#t=103
Click to expand...

Could be better but you can't get Contact info unless you know the persons name. While someone posting to Facebook and adding info to Notes could be inconvenient they are hardly a security issue and more of a prank potential.

I agree Apple should tighten this up but I don't see how it's a big security issue since you can't get usable info from an unknown iPhone.

EDIT: Missed the part about the call log and it's potential was not covered. However you can use the names in the call log to ask for the Contact info. This is definitely a security issue that needs to be addressed.
 
Last edited:
Julien said:
you can use the names in the call log to ask for the Contact info.[/b] This is definitely a security issue that needs to be addressed.
Click to expand...

Yes and via "Other..." button you get full access to all contacts as well.

http://www.youtube.com/watch?v=aGTrCH2s5RU


So again...on a locked iPhone everyone can post to Facebook, call people, Skype people, get access to all messages, contacts, complete call history and more.

At this point, why even lock the phone?

This should not be the default behavior.
 
Sigh... To all you "disable Siri" people you're missing the damn point!! The fact that I have to enter a password or my fingerprint to delete an email from the lock screen, but a two year old with happy fingers can text my boss that he needs to potty is plain and simple carelessness in UI design!!! And "disable Siri on the lock screen" pretty much negates the existence of Siri!!!
 
I have tried every combination possible on iPad Air, with iOS 8, but cannot access anything without entering a passcode.
 
Thanks for the post. I have now disabled my siri from lock screen. Far too much info was in my notes section to be shared.
 
aggiesrwe03 said:
Sigh... To all you "disable Siri" people you're missing the damn point!! The fact that I have to enter a password or my fingerprint to delete an email from the lock screen, but a two year old with happy fingers can text my boss that he needs to potty is plain and simple carelessness in UI design!!! And "disable Siri on the lock screen" pretty much negates the existence of Siri!!!
Click to expand...

Siri is enabled by default and I want the convince. Have you disabled it? If not I can likely get your address.

Just push the Home button and say "show my phone call log" and you will get a list of phone call and names. Just scroll through the list and look for a pattern (most called by name). Then one that has the most will likely be the significant other of the iPhone owner. Now hit the Home button and say "Contact info for Jane Doe" and you have the iPhone owner's address.

Just do it and see how easy it is. Pick up any iPhone and...

1) Say "show my phone call log"
2) Pick most often call and say "Contact info for Jane Doe"

There is NO way you should be able to get a log of all phone calls made by the iPhone just by asking from the lock screen.

----------
robkat said:
I have tried every combination possible on iPad Air, with iOS 8, but cannot access anything without entering a passcode.
Click to expand...

The iPad doesn't have phone call log info.
 
It's been a while since I've set an iOS device up as new.
Is it the default to have a passcode?
If not, then your whole device is insecure as default, not just SIRI.
 
i agree with the OP, there should be more options to define what siri can and can not do.
 
crispyking said:
It's been a while since I've set an iOS device up as new.
Is it the default to have a passcode?
If not, then your whole device is insecure as default, not just SIRI.
Click to expand...

With regard to a passcode you get prompted when setting up as new or most will have seen it during the iOS8 upgrade. It asks you to set a passcode during the process and the option to ignore it is a lot smaller and even if you choose it you are asked if you are sure so it really does try to make you set one.
 
crispyking said:
It's been a while since I've set an iOS device up as new.
Is it the default to have a passcode?
If not, then your whole device is insecure as default, not just SIRI.
Click to expand...

This thread is about fully locked (passcode enabled) iPhones. You shouldn't be able to get a full call history with complete names, address, email and phone numbers from a locked iPhone.

Using my method you will likely get the home contact info for the iPhone owner.
 
Julien said:
This thread is about fully locked (passcode enabled) iPhones. You shouldn't be able to get a full call history with complete names, address, email and phone numbers from a locked iPhone.

Using my method you will likely get the home contact info for the iPhone owner.
Click to expand...

No, this thread is about accessing all that data on a locked iPhone through Siri.
When it was pointed out that Siri on the lockscreen can be turned off, the point became that it was enabled by default.
Siri should be able to access that data, even from the lockscreen. But that should be an opt-in situation.

I was asking if passcode was enabled by default. If it wasn't then the whole phone would be insecure as default. And that the issue with Siri wouldn't really apply as it could be changed when setting up the passcode.

As the passcode is enabled by default, then the original point still stands. Siri can access private data from the lock screen.
 
I think you'll find Touch ID is "unlocking" the phone allowing Siri full access.

Try holding the button down on a finger not registered for Touch ID and see if it lets you do these things.
 
Nozuka said:
i agree with the OP, there should be more options to define what siri can and can not do.
Click to expand...

This. When TouchID was introduced I thought IOS7 allowed you to configure the lock screen to only allow access to Siri with a recognised fingerprint. I'm wondering now if this was ever the case, or whether this feature has been removed in IOS8 (which would not make sense).
 
I just tried this on my iPhone 5.

Asked siri to show my phone call log and siri replied with "you need to unlock your iPhone first"
 
StuartL said:
Asked siri to show my phone call log and siri replied with "you need to unlock your iPhone first"
Click to expand...

No it does not. "Show me recent calls" gives you a call log without any authentication.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back