Weird bug: See the last thing Siri said, without entering passcode

25 March 2016, 14:47

Here’s a glitch that was spotted by veteran iOS bug-hunter Jose Rodriguez over a year ago – but which still hasn’t been fixed in the 9.3 release of a few days ago. See the video below.

I wouldn’t call this a security bug because it needs specific (and quick) reactions to make use of it. But it’s interesting nonetheless.

The glitch lets anybody view the last thing an individual asked Siri, complete with Siri’s response – provided they do so less than five seconds after the device sleeps. The last Siri request can often be personal. For example, the user might have just checked their email using Siri, or sent a personal iMessage.

Here are the steps:

  1. Wake the phone as usual, and ask Siri something as usual by holding the home button.
  2. Sleep the phone using the sleep button.
  3. As soon as the iPhone is locked, press and hold the home button to summon Siri. To ensure you don’t accidentally unlock the phone, use the end of a pen, or the knuckle of a finger.
  4. Very quickly tap the waveform at the bottom of the screen to cancel Siri.
  5. Scroll down by dragging from the top of the screen lots of times. Eventually the last Siri request will come into view – despite the fact the phone hasn’t been unlocked.

Remember that you’ll need to perform steps 3 onwards less than five seconds after sleeping the phone.

Lock screen glitches aren’t rare. We’ve featured a handful in the past here at Mac Kung Fu and mostly they’re not serious. However, they can be worrying signs of chinks in the armor of Apple’s security. Who knows if they might be exploitable in more serious ways?

