Apple’s powerful voice assistant Siri has become a major highlight of iOS devices, but Siri always exists some flaws or loopholes threaten the security of the whole system.
Recently a new bug of Siri exposed, that allows user to access contacts and photos on iPhone without passcode unlocking, which will undoubtedly disclosure of personal privacy, a serious flaw
User Jose Rodriguez has uploaded a video to demonstrate how it is happening. he found a similar lock screen flaw last September.
View the video you can see, although the iPhone 6s has been locked by passcode, but users can still access the contacts and photos, only need to issue voice commands to Siri to access Twitter, or send e-mail, then click the link provided by Siri using 3D Touch, to open Contacts and view the photo album. Course, this method does not work on those devices do not support 3D Touch.
Obviously, this vulnerability has a precondition that before the user has granted permissions to Siri to access Twitter, Gallery and other related applications. Otherwise, Siri must first obtain authorization before searching Twitter contacts, which means you need to unlock the device first. Jose Rodriguez noted that this vulnerability also works on the WhatsApp application.