Another big security flaw found in iOS 7.1

Published May 6th, 2014 10:05AM EDT
BGR

Providing users who aren’t overly concerned with privacy an option to forgo certain protections in favor of convenience is a good thing. Enabling those less secure conveniences by default, however, is not a good thing.

Several security issues have been discovered that stem from the fact that Siri and other iOS conveniences are enabled by default when iPhones are locked. The biggest example, perhaps, was discovered in September last year: By default, anyone who finds or steals an iPhone can, in just a few seconds, make it impossible for the owner to recover the lost handset.

And now, another big flaw has been uncovered.

As noted in a recent post on NBC, Egyptian programmer Sherif Hashim has discovered a flaw that allows anyone and everyone to access a user’s contact list even when his or her iPhone is locked. The issue is confirmed to be present even in Apple’s latest iOS 7.1.1 software.

Hashim posted a video to illustrate the flaw. In it, he shows that the device is locked and then attempts unsuccessfully to access the handset’s contact list using Siri. After canceling his initial command, he speaks a different command — “Call” — to initiate a voice call while the handset is locked. Siri then asks, “With whom would you like to speak?” and presents Hashim with the phone’s full contact list even though the device is still locked.

The report notes that no other features on the phone are accessible using this method.

If you would like to stop your phone from making your entire contact list available to anyone with a voice, go to Settings > Passcode and disable Siri under the “Allow access when locked” heading.

Zach Epstein Executive Editor
