New iPhone lock screen flaw gives hackers full access to contact list data

Summary: iPhone users are vulnerable to a lock-screen flaw that allows a hands-on hacker to gain full access to a user's contacts list.


iPhone users may be vulnerable to a lock-screen flaw that allows a hacker to access contact list details on the device.


According to Sherif Hashim, the Egyptian part-time hacker who discovered the flaw and recorded the steps on YouTube, the vulnerability only exists when running iOS 7.1.1, the latest version of the mobile platform, and when Siri is available from the lock screen.

The flaw is triggered when Siri is invoked on the lock screen and a user says, "Contacts." Siri will refuse to dish out any details without first bringing up the password screen, but a user is still able to access the contacts list by pulling up on the screen, editing the request, and asking for a duplicated name. If you have more than one "John," for instance, you have the option to view all contacts from the "Other..." menu.

However, the hacker attempting to gain access must have the device physically in hand in order to perform the trick.


ZDNet tested this in our Louisville, KY office, and was eventually able to reproduce the bug after numerous attempts. Although you can try different names one by one, you also have the option to access the full contacts list.

The flaw, which is believed to work on all iPhone versions running Siri, doesn't just expose phone numbers, but any information that is available from a contact card.

Users are advised to switch off Siri from the Passcode options in the General settings of the device.

ZDNet reached out to Apple for comment, but did not hear back at the time of writing.

Topics: Security, Apple, iPad, iPhone

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.
