Another iPhone passcode bypass is making the rounds this week that reportedly allows users to trick Siri into skirting around the device’s usual lockscreen to view, edit and call any of the phone’s contacts.
The flaw apparently affects the most recent iOS build, 7.1.1 and allows the bypass of both the iPhone 5’s security lockscreen and its TouchID sensor via voice command.
Sherif Hashim, an Egyptian neurosurgeon and self-proclaimed iPhone baseband hacker, ran through the trick in a video posted to Youtube over the weekend.
The video shows Hashim repeatedly pressing the TouchID button, activating Siri and asking for the Contacts section. Siri rightfully so, asks Hashim to unlock his iPhone and in response, Hashim instead asks Siri to “Call.” Siri then asks which contact he wants to call and Hashim is given an on-screen keyboard and is able to type one of his contacts names in. From there he’s easily able to scroll through his list and make a call.
Some may argue this is really more of a partial bypass or a trick, instead of a full bypass as an attacker would have to physically have access to a phone running 7.1.1. Perhaps most importantly the user would also have to have Siri enabled on his or her lockscreen to be vulnerable. Even then, the attacker would only have access to the user’s contacts.
It’s unclear if Apple has a patch in the works for this particular issue but it does appears the company is working on a fix for another problem with the mobile operating system.
The Cupertino-based company recently acknowledged that its aware of an issue in 7.1.1 that prevents email attachments on iPhones from being properly encrypted.
Andreas Kurtz, a security researcher and co-founder of Germany’s NESO Security Labs, discovered late last month that email attachments could be read without encryption or restriction if an attacker accessed the device’s file system, MobileMail.app, in recent builds of iOS.
Kurtz was able to restore an iPhone 4 to both 7.1 and 7.1.1 and set up an IMAP email account to carry out his research. Then Kurtz shut down the device, accessed the file system and mounted the iOS data partition. He was then able to find all of the email’s attachments accessible without encryption or restriction.
In a blog entry at the time Kurtz also pointed out that he was able to find the vulnerability in an iPhone 5s and an iPad 2 running iOS 7.0.4 as well, suggesting it could have been an issue stretching back to last fall.
On its support page, Apple writes that its Mail application encrypts email attachments and that its data protection feature “provides an additional layer of protection for your email messages attachments, and third-party applications.”
Kurtz reported his findings to Apple and while the company claimed it was aware of the issue it didn’t yet have a “date when a fix is to be expected.”
“Considering … the sensitivity of email attachments many enterprises share on their devices, I expected a near-term patch,” Kurtz wrote last month, after realizing that 7.1.1 didn’t fix the problem.
When 7.1.1 was released about two weeks ago, it fixed a serious SSL issue in OSX and iOS that could have allowed an attacker to intercept data via a man-in-the-middle attack on SSL connections.
It’s not certain whether 7.1.2 – whenever it does surface – will address the aforementioned issues.