Resolved MAJOR security bug in iOS 8.0.2

Status
Not open for further replies.

bcharleson

macrumors member
Original poster
Sep 19, 2014
86
10
Hello all,

I just discovered this morning a major security bug in iOS 8.0.2 with my iPhone 6. From the lock screen and passcode/TouchID enabled, I initiated Siri and asked her to find the phone number to a local dry cleaners business. Siri pulled up web results on the lock screen. I clicked on one of the results to retrieve the number and it pulls up Safari web browser to get the number. From there, I hit the home button and now I have full access to the phone without entering in my passcode/touch ID.

Boo! Hope this gets fixed ASAP.
 

Paddle1

macrumors 68040
May 1, 2013
3,416
1,164
Hello all,

I just discovered this morning a major security bug in iOS 8.0.2 with my iPhone 6. From the lock screen and passcode/TouchID enabled, I initiated Siri and asked her to find the phone number to a local dry cleaners business. Siri pulled up web results on the lock screen. I clicked on one of the results to retrieve the number and it pulls up Safari web browser to get the number. From there, I hit the home button and now I have full access to the phone without entering in my passcode/touch ID.

Boo! Hope this gets fixed ASAP.
You unlocked the phone by pressing the home button.
 

gibbz

macrumors 68030
May 31, 2007
2,690
98
Hello all,

I just discovered this morning a major security bug in iOS 8.0.2 with my iPhone 6. From the lock screen and passcode/TouchID enabled, I initiated Siri and asked her to find the phone number to a local dry cleaners business. Siri pulled up web results on the lock screen. I clicked on one of the results to retrieve the number and it pulls up Safari web browser to get the number. From there, I hit the home button and now I have full access to the phone without entering in my passcode/touch ID.

Boo! Hope this gets fixed ASAP.
Did you report this to Apple?
 

EdgardasB

macrumors 6502a
Apr 14, 2014
618
80
Lithuania
Hello all,

I just discovered this morning a major security bug in iOS 8.0.2 with my iPhone 6. From the lock screen and passcode/TouchID enabled, I initiated Siri and asked her to find the phone number to a local dry cleaners business. Siri pulled up web results on the lock screen. I clicked on one of the results to retrieve the number and it pulls up Safari web browser to get the number. From there, I hit the home button and now I have full access to the phone without entering in my passcode/touch ID.

Boo! Hope this gets fixed ASAP.
Disable Touch ID and then check again.... ^^
 

bcharleson

macrumors member
Original poster
Sep 19, 2014
86
10
And you activated Siri (held down the Home button) with a finger not registered with Touch ID, correct?
Yep, just reproduced the bug.

From the lock screen, press and hold home button, ask Siri for phone numbers for something and it'll pull up results (I said dry cleaning). It pulled up results and brought up Apple Maps. From there I hit the home button and I now have full access to the phone without entering my passcode/TouchID.

iPhone 6/8.0.2

----------

Do you have touchid enabled?
Yes I do.
 

geoffm33

macrumors 6502
Dec 27, 2010
308
145
Can you try again but use a pencil eraser or some other soft tipped thing to press the home button? This would rule out your finger unlocking the device when pressing the home button.
 

EdgardasB

macrumors 6502a
Apr 14, 2014
618
80
Lithuania
Yep, just reproduced the bug.

From the lock screen, press and hold home button, ask Siri for phone numbers for something and it'll pull up results (I said dry cleaning). It pulled up results and brought up Apple Maps. From there I hit the home button and I now have full access to the phone without entering my passcode/TouchID.

iPhone 6/8.0.2

----------



Yes I do.
Try to press home button with not registered finger. Because when you press/ touch with registered finger, it unlocks your iPhone...
 

bcharleson

macrumors member
Original poster
Sep 19, 2014
86
10
Try to press home button with not registered finger. Because when you press/ touch with registered finger, it unlocks your iPhone...
Good point! Let me try this...

You guys are awesome..the holding down of the home button with registered finger unlocks the phone. I tried it plugged in and did it through "Hey Siri" as well as a stylus and it asked me for the passcode/TouchID.

Disregard! Thanks guys.
 

DaveNJ80

macrumors newbie
Jun 1, 2011
11
0
SMH! I swear, people just need to enjoy the phone instead of spending their time looking for flaws in it. Since this iPhone has come out, these forums are filled with more BS topics then ever. I swear these are undercover Samsung/android users.
 

EM2013

macrumors 68020
Sep 2, 2013
2,009
1,701
Smh how many times have we seen a thread like this about a "major security bug" only to find out the user was unlocking the phone with their registered finger.
 

cynics

macrumors G4
Jan 8, 2012
11,554
1,873
Here is the real bypass


Its amazing that people can continually find ways around Apples security. That just looks like sloppy programing on Apples behave. Hopefully they fix it without breaking too many other features.

Just imagine all the security flaws people are going to find with ApplePay.
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.