Security issue with iOS 8.4 Public Beta 2

[nerdriot]

I wanted to post this year just in case anyone else was able to re-create what I've done. First, I asked Siri to locate a family member which brought up a map of their location on the lock screen. Tapping the map automatically opens maps, without having to unlock the phone. I tested this with other apps as well, namely Twitter and Facebook, and almost invariably it would allow me to bypass the touch ID and passcode and automatically launch the app by simply asking Siri from the lock screen to open them.

I don't remember this being an issue in 8.3. Before, it would always say, "You need to unlock your iPhone first."

 

[C DM]

How did you go about activating Siri on the lock screen to begin with, so that you could make your requests?

 

[dearfriendx]

Wow I just tried this. Needs attention. I'll report it also

 

[nerdriot]

I also reported it in the Feedback app. Certainly others have noticed this and reported it as well, so hopefully this will be fixed in the next release.

So just as a heads-up for any of you running 8.4 beta on your device, it's probably a good idea to keep your device in your sight and try your best not to misplace it. This could be a potentially dangerous issue.

 

[C DM]

So anyone care to answer how they are accessing Siri from the lockscreen?

 

[netsped]

So anyone care to answer how they are accessing Siri from the lockscreen?

I bet they are holding the home button/touch id sensor with their registered finger thus unlocking the phone and activating Siri with one touch.

On my iPhone 6 with iOS 8.3 if I activate Siri with a finger that is not registered, it will ask me to unlock the iPhone before doing certain things (like placing a call or opening an app).

 

[C DM]

I bet they are holding the home button/touch id sensor with their registered finger thus unlocking the phone and activating Siri with one touch.

On my iPhone 6 with iOS 8.3 if I activate Siri with a finger that is not registered, it will ask me to unlock the iPhone before doing certain things (like placing a call or opening an app).

That's basically what I was trying to figure out. Vast majority of these types of "exploits" end up coming down to that (and thus not being exploits).

 

[nerdriot]

How did you go about activating Siri on the lock screen to begin with, so that you could make your requests?

Sorry for the belated response. You'll find it in Settings > Touch ID & Passcode.

 

[C DM]

Sorry for the belated response. You'll find it in Settings > Touch ID & Passcode. Image

Right, that's the setting to allow it to be used on the lock screen. So once that is enabled, and you are on the lock screen, what did you do to bring up Siri there?

 

[nerdriot]

I held down the home button, which leads me to believe you guys are most likely correct; I'm using a finger that I've enabled for Touch ID, so that may be the case.

However, I had someone I know who uses 8.3 try the same thing and it didn't happen. They may have been using a different finger.

----------

Sorry for the misunderstanding, by the way. I thought you were asking how to activate Siri for use on the lock screen. My brain isn't fully functional today.

 

[C DM]

I held down the home button, which leads me to believe you guys are most likely correct; I'm using a finger that I've enabled for Touch ID, so that may be the case.

However, I had someone I know who uses 8.3 try the same thing and it didn't happen. They may have been using a different finger.

----------

Sorry for the misunderstanding, by the way. I thought you were asking how to activate Siri for use on the lock screen. My brain isn't fully functional today.

No problem. Yeah, it sounds like that's what's behind something like this--using a finger registered with TouchID to bring up Siri, which unlocks the phone in the process.

 

[nerdriot]

That seems to be the case. I have three registered prints, and when I used an unregistered finger I couldn't reproduce the issue after multiple attempts.

Looks as though this is a total non-issue lol. It had me a little frightened though for a moment.

 

[gsmornot]

I turned Siri off from the lockscreen a long time back because I could ask for my address and get it without unlocking. In some cases it might get your device back to you but generally I don't want to make that info available.

It removes my ability to use Hey Siri but in the end, that's OK.

 

[C DM]

I turned Siri off from the lockscreen a long time back because I could ask for my address and get it without unlocking. In some cases it might get your device back to you but generally I don't want to make that info available.

It removes my ability to use Hey Siri but in the end, that's OK.

I'm assuming that's because you have your addressed stored in your contacts, right?

 

[dearfriendx]

Update: I've been contacted by Apple's security team for this bug I reported yesterday. They wanted to make sure it was possible to activate Siri with a fingerprint not stored. Indeed I can activate Siri with any finger and infiltrate the iPhone. They also made sure I could reproduce the event with my passcode being required immediately. Indeed...I can still enter the phone without needing a passcode or fingerprint.

 

[C DM]

Update: I've been contacted by Apple's security team for this bug I reported yesterday. They wanted to make sure it was possible to activate Siri with a fingerprint not stored. Indeed I can activate Siri with any finger and infiltrate the iPhone. They also made sure I could reproduce the event with my passcode being required immediately. Indeed...I can still enter the phone without needing a passcode or fingerprint.

Not really sure what's happening in your case, but in what the OP has described and followed up on the actions were launching Siri and unlocking the phone at the same time.

 

[dearfriendx]

Not really sure what's happening in your case, but in what the OP has described and followed up on the actions were launching Siri and unlocking the phone at the same time.

The OP described (in their original post) activating Siri from the lock screen, asking Siri to find a family member/friend using Find My Friends and tapping the map that pops up. It unlocks the phone into that app. No fingerprint or passcode needed. It can be reproduced 100% of the time.

 

[C DM]

The OP described (in their original post) activating Siri from the lock screen, asking Siri to find a family member/friend using Find My Friends and tapping the map that pops up. It unlocks the phone into that app. No fingerprint or passcode needed. It can be reproduced 100% of the time.

And further discussion shows that the OP used a registered finger to launch Siri which unlocked the phone in the process. Using an unregistered finger didn't result in the same thing, again, as mentioned in follow up posts by the OP.

 

[zackattack784]

And further discussion shows that the OP used a registered finger to launch Siri which unlocked the phone in the process. Using an unregistered finger didn't result in the same thing, again, as mentioned in follow up posts by the OP.

It's highly likely he's doing the same thing but failing to read anything that's been posted in this thread because he wants to find the "latest" security vulnerability.

 

[simon lefisch]

I'm assuming you all have Touch ID enabled to unlock the phone? If so, try doing the same thing with Touch ID unlock disabled.

 

[dearfriendx]

It's highly likely he's doing the same thing but failing to read anything that's been posted in this thread because he wants to find the "latest" security vulnerability.

I'm very much aware of the situation. Thanks.

Regardless of what the OP apologized for down the road (unlocking his phone with a stored Touch ID finger...big duh there) I can access my phone without needing a stored fingerprint. Let alone any object hard enough to hold down the home button to activate Siri. Be smarter guys *thumbs up*

----------

I'm assuming you all have Touch ID enabled to unlock the phone? If so, try doing the same thing with Touch ID unlock disabled.

It cannot be replicated without Touch ID enabled for iPhone Unlock because this is a Touch ID issue

 

[C DM]

I'm very much aware of the situation. Thanks.

Regardless of what the OP apologized for down the road (unlocking his phone with a stored Touch ID finger...big duh there) I can access my phone without needing a stored fingerprint. Let alone any object hard enough to hold down the home button to activate Siri. Be smarter guys *thumbs up*

----------



It cannot be replicated without Touch ID enabled for iPhone Unlock because this is a Touch ID issue

Well, seems like you are the only one that cans somehow do something like that then.

As for being smarter, asking all these questions rather than jumping to conclusions is in fact being smarter given that answers often come out of them, as happened in this thread. But thanks for the lesson. Thumbs up indeed.

 

[haulis]

Unable to replicate on 8.4 public beta 2.

 

[iamMacPerson]

Not happening on DP3. FWIW I do have a complex passcode enabled and have changed it since I installed the beta.

 

[The Doctor11]

Running beta 3 I can't reproduce the bug.