Security Flaw in iOS 9.3.1 Allows Access to iPhone Photos and Contacts

Status
Not open for further replies.

justperry

macrumors G4
Aug 10, 2007
10,133
5,208
Home is everywhere and nowhere.
Siri open WhatsApp

You dont seem to have an App called Worts Apple, Worts ab, Worts@

Guess what "Blues Spring DIN" is :D

I am dutch and have no problems whatsoever with Siri, she understands me perfectly well.
But, my iPhone is setup in English, that might make a difference although I doubt that.

I justed Siri in German on my iPad, and it understood Whatsapp and Bruce Springsteen perfectly.
Seems a fellow German does not have this problem.
 

cerote

macrumors 6502a
Mar 2, 2009
830
264
What I mean?I NEVER EVER Used Siri and I DISABLED IT.

And nevertheless - after my iPhone locked itself after a minute, I just pressed the home-button for some seconds from that "securized" and "locked" screen, the GUI of Siri appeared and - for the very first time - I just said "hey Siri!" - and Siri just told me "I connect yyou with xyz" and I found myself on the GUI of the phone-call and was connected!!!

Again:
1) I DISABLED SIRI !
2) I NEVER used Siri!
3) I could nevertheless start Siri just by simply pressing the home button and it started immediately after I just said "Hey Siri!" to connect me with someone from my contacts !!!

Is this difficult to understand??

There is a BIG SECURITY BUG indeed !!!
you press the home button shortly: You have to tap your passcode.
you press the home button for some seconds: the iPhone under IOS 9.3.1 starts SIRI although disabled, and Siri connects you immediately with someone after you just said "hey Siri!" and you find yourself on the same GUI as you do if you call intentionally someone !!!

All I get is voice control. I have always had Siri disabled.
[doublepost=1459855836][/doublepost]
I get the same. Pretty sure the guy in the video accidentally unlocked it with Touch ID or something.
That Touch ID on the 6S is crazy fast compared to previous models.
 
  • Like
Reactions: ohio.emt

MrAverigeUser

macrumors 6502a
May 20, 2015
726
332
europe
Are you sure it wasn't Voice Control or something? Not saying you are being dishonest, but it seems highly unlikely to have happened in the way you describe.

I did this several times now.

It works again and again, each time Siri connects me with a different contact.

at the beginning I wanted only to know if Siri is reactive… and was shocked that Siri even connected me without demanding it to someone from the contacts…

At the moment I don´t have the possibility to make a video - If I can, I will record this.
It is a well-working iPhone 5 (= no fingerprint lock) from 2012 32 Gb updated yesterday from IOS 9.2.1 to IOS 9.3.1

I can´t believe this…. but it is true. did it 4 times now...
 

Shirasaki

macrumors G3
May 16, 2015
9,426
3,440
Perhaps:
1. Video uploader should also verity their fingers to make sure they are not registered anyway.
2. Video should include settings related to Siri.
3. Never edit video.
4. Reproduce it at least once.

BTW I don't think iPhone is hacker proof, nor bullet proof. I do have Siri enabled although I rarely use it.
I cant use it for music either cuz it never gets english words / artists right when i tell it to play english songs while being set to german
Same in here. I cannot let it play Japanese songs with Japanese name when Siri is set to English.
Multilingual recognition is a serious problem for Siri for quite a long time.
 
  • Like
Reactions: tigertazz

enrincon89

macrumors regular
Apr 30, 2014
127
39
I just try and not working, I'm sick of fake videos.
You have to have your Twitter account linked on your phone in order to work. I tried once and it didn't work. After linking my Twitter account it worked I had access to my photos.
 

Thunderhawks

Suspended
Feb 17, 2009
4,064
2,087
What I mean?I NEVER EVER Used Siri and I DISABLED IT.

And nevertheless - after my iPhone locked itself after a minute, I just pressed the home-button for some seconds from that "securized" and "locked" screen, the GUI of Siri appeared and - for the very first time - I just said "hey Siri!" - and Siri just told me "I connect yyou with xyz" and I found myself on the GUI of the phone-call and was connected!!!

Again:
1) I DISABLED SIRI !
2) I NEVER used Siri!
3) I could nevertheless start Siri just by simply pressing the home button and it started immediately after I just said "Hey Siri!" to connect me with someone from my contacts !!!

Is this difficult to understand??

There is a BIG SECURITY BUG indeed !!!
you press the home button shortly: You have to tap your passcode.
you press the home button for some seconds: the iPhone under IOS 9.3.1 starts SIRI although disabled, and Siri connects you immediately with someone after you just said "hey Siri!" and you find yourself on the same GUI as you do if you call intentionally someone !!!
We don't believe you!!!
As somebody said: Make a video and post it.

The rest of your rants from Snowden to FBI are of no importance for this discussion.
 

Elijen

macrumors 6502
May 8, 2012
397
582
Also can't reproduce. Siri says "You'll need to unlock your iPhone first"
 

strongy

macrumors newbie
Feb 16, 2008
6
1
by default i set siri to not work from the lockscreen so doesnt affect me.
 

b0nd18t

macrumors 6502
Apr 9, 2012
299
782
Some are saying they get asked to enter a passcode, there is a step missing then. I think you have to be logged out of Twitter in the settings as well. Something like that. And then it will work.
 

coolfactor

macrumors 601
Jul 29, 2002
4,293
3,837
Vancouver, BC
What annoys me is that there is no way no make notifications anonymous. It would be nice to just read that there is a message, without names or content displaying on the screen. Androids can do that.
That's up to individual app developers to implement. Some chat apps do just what you want, as part of their privacy policy. I believe Viber is one of them. Making that a user-selected option across all apps would be a great feature, though. For me, I prefer to see the real notification on the screen, rather than have to navigate into the app to see what was sent.
 

MoietyMe

macrumors newbie
Apr 17, 2009
3
4
This doesn't seem to work on an iPhone 5 running iOS 9.3.1:


Could it be the phone is just unlocked via Touch ID?
 

MrAverigeUser

macrumors 6502a
May 20, 2015
726
332
europe
This doesn't seem to work on an iPhone 5 running iOS 9.3.1:


Could it be the phone is just unlocked via Touch ID?
!) I have two iPhone 5, this issue has been reproduced now several times on BOTH of them.
2) the iPhone 5 does NOT have a Touch ID.
So - starting the iPhone 5 by "accident" is absolutely IMPOSSIBLE.
Touch ID started with the iPhone 5s, not before.


Just tried it with the other iPhone5 (also 32GB from 2012, well-working). Yet under IOS 9.2.1

It shows the same procedure:
Although also completely disabled, Siri starts from the blocked screen after pressing the home button for some seconds and communicates with me. The SIM is momentarily blocked so no call possible by Siri. Told Siroi to connect me with someone from the contacts. Siri tries, but informs me, that connection could not be done because the SIM is blocked ("Connection not possible because no access to carrier").

So - this works on two different, well-working iPhone 5 assembled and purchased in 2012 - the first under IOS 9.3.1, the second still under IOS 9.2.1
And by coincidence, I bought the first in France (Orange, unlocked since 2013) and the other one (second hand) about one year ago in Germany.

There is definitely a security issue…


I still can´t believe it…. although it happens on two different iP5 from two different carriers and even from two different countries in Europe… how can this happen???

The first person which was non-intentionally called by Siri called back some minutes ago...…. OMG…..
 
Last edited:

WrQth

macrumors member
Jul 23, 2010
89
11
I did this several times now.

It works again and again, each time Siri connects me with a different contact.

at the beginning I wanted only to know if Siri is reactive… and was shocked that Siri even connected me without demanding it to someone from the contacts…

At the moment I don´t have the possibility to make a video - If I can, I will record this.
It is a well-working iPhone 5 (= no fingerprint lock) from 2012 32 Gb updated yesterday from IOS 9.2.1 to IOS 9.3.1

I can´t believe this…. but it is true. did it 4 times now...
When you disable Siri the feature called 'Voice Dial Only' appears and you can choose the language but can't disable this feature it seems. This feature is not Siri, it is just local voice recognition for dialing only.
 

djcerla

macrumors 68000
Apr 23, 2015
1,657
6,668
Italy
You have to have your Twitter account linked on your phone in order to work. I tried once and it didn't work. After linking my Twitter account it worked I had access to my photos.
So, basically it works only under a small subset of non-default conditions?
Just tried it with the other iPhone5 (also 32GB from 2012, well-working). Yet under IOS 9.2.1

It shows the same procedure:
Although also completely disabled, Siri starts from the blocked screen after pressing the home button for some seconds and communicates with me. The SIM is momentarily blocked so no call possible by Siri. Told Siroi to connect me with someone from the contacts. Siri tries, but informs me, that connection could not be done because the SIM is blocked ("Connection not possible because no access to carrier").

So - this works on two different, well-working iPhone 5 - the one under IOS 9.3.1, the other under IOS 9.2.1
And by coincidence, I bought the first in France (Orange, unlocked since 2013) and the other one (second hand) about one year ago in Germany.

There is definitely a security issue...
So you have 2 phones right? Make the damn video then
 

Status
Not open for further replies.