Bypassing Your Passcode: How One Online Hack Can Unleash Your Photos and Texts

By on Nov 18, 2016

 

You keep some of your most personal information on your phone. Special photos, hundreds of contacts, important emails, private text messages – there’s a treasure trove of personal data stored within these small devices. That’s why you lock it. For iOS users in particular, this can be done in a multitude of ways – passwords, Touch ID, codes, etc. However, a new flaw was discovered this week in iOS software that allows cybercriminals to bypass all barriers, giving them the key to unlock any protection users of iOS 8, 9, and 10 have on their phones.

The bypass is simple: Siri and the accessibility feature in iOS called VoiceOver get tricked, and all passcodes and Touch ID barriers get sidestepped. But how exactly does this trick work?

Discovered by EverythingApplePro and iDeviceHelp, the hack takes advantage of the software vulnerability with just a few steps. All the attacker has to do is find out the victim’s phone number by simply asking Siri “Who am I?”, call the number, and manipulate the options on the phone call screen. From there, they can use the “add new contact” capability to add a new photo for the number calling the phone and therefore access your photos. This means the cybercriminal can scroll throughout your entire photo gallery and view your personal memories. They can also access your entire contact list at that point and see all previous text messages with a contact.

And just like that, they can access and obtain any personal information that their heart desires, all thanks to Siri. Unfortunately, that personal information could be susceptible to compromise by anyone with a YouTube account, as this hack was posted there for all eyes to see.

With this bug going viral, the next step is to stay vigilant. Though this may go without saying, it’s important to keep your device in your own hands. Make sure your phone is always in sight, or better, on your body. But beyond this simple reminder, here are a few more tips on how to secure your iPhone from this hack:

  1. Turn off Siri, at least for now. Until this bug gets patched, the easiest way to stay safe is to disable Siri on the lock screen. Just go to your settings and go to Siri > Access on Lock Screen and toggle the switch to turn it off.
  2. Install all available updates. This bug, like past bugs, will get patched. The fix will most likely be packaged within the newest iOS update – so whenever Apple makes a new update available, immediately install it.
  3. Lost or stolen phone? Track it down. The attacker can only hack into your phone if they get their hands on it. So in case they do, make sure you can track it down quickly and accurately with anti-theft protection like the one included in McAfee Mobile Security. This will help secure your device from malicious hands when it leaves your side.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.

gary

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs