Click to Skip Ad
Closing in...
  1. amazon nest thermostat 3rd generation
    14:02 Deals

    Newest Nest Thermostat gets a rare Amazon discount ahead of Prime Day

  2. Prime Day Deals
    09:43 Deals

    These early Prime Day deals have prices so low, it’s like Amazon made a mistake

  3. Best Amazon Deals Today
    07:58 Deals

    15 hidden Amazon deals that are so exclusive, they’re only for Prime members

  4. Amazon Deals
    10:22 Deals

    Today’s best deals: Huge Prime members-only sale, $15 Echo Auto, $106 off Apple Watc…

  5. Best Kitchen Gadgets
    08:33 Deals

    Amazon shoppers are obsessed with this $23 gadget that should be in every kitchen

Another big security flaw found in iOS 7.1

Zach Epstein
May 6th, 2014 at 10:05 AM
iOS 7.1 Security Flaw

Providing users who aren’t overly concerned with privacy an option to forgo certain protections in favor of convenience is a good thing. Enabling those less secure conveniences by default, however, is not a good thing.

Several security issues have been discovered that were brought about by the fact that Siri and other iOS conveniences are enabled by default when iPhones are locked. The biggest example, perhaps, was discovered in September last year: By default, anyone who finds a lost iPhone or steals an iPhone can make it impossible for owners to recover the lost handset in just a few seconds.

And now, another big flaw has been uncovered.

As noted in a recent post on NBC, Egyptian programmer Sherif Hashim has discovered a flaw that allows anyone and everyone to access a user’s contact list even when his or her iPhone is locked. The issue is confirmed to be present even in Apple’s latest iOS 7.1.1 software.

Hashim posted a video to illustrate the flaw. In it, he shows that the device is locked and then attempts unsuccessfully to access the handset’s contact list using Siri. After canceling his initial command, he speaks a different command — “Call” — to initiate a voice call while the handset is locked. Siri then asks, “With whom would you like to speak?” and presents Hashim with the phone’s full contact list even though the device is still locked.

The report notes that no other features on the phone are accessible using this method.

If you would like to stop your phone from making your entire contact list available to anyone with a voice, go to Settings > Passcode and disable Siri under the “Allow access when locked” heading.

Hashim’s video is embedded below.

Zach Epstein

Zach Epstein has worked in and around ICT for more than 15 years, first in marketing and business development with two private telcos, then as a writer and editor covering business news, consumer electronics and telecommunications. Zach’s work has been quoted by countless top news publications in the US and around the world. He was also recently named one of the world's top-10 “power mobile influencers” by Forbes, as well as one of Inc. Magazine's top-30 Internet of Things experts.

Popular News