Today's best reads

Easy way to bypass passcode lock screens on iPhones, iPads running iOS 11

The vulnerability allowing anyone to bypass the passcode lock screen still exists in iOS 11.0.2

Easy way to bypass passcode lock screen on iPhones
IDG

Update for iOS 11

With iOS 11, you can still bypass the iPhone lock screen and trick Siri into getting into a person's phone. The bypass is the same as it was in the earlier version of the operating system:

  • Press the home button using a finger not associated with your fingerprint authentication, prompting Siri to wake up.
  • Say to Siri: Cellular data.

Siri then opens the cellular data settings where you can turn off cellular data.

As was the case before, anyone can do this. It doesn't have to be the person who "trained" Siri.

By also turning off Wi-Fi, you cut off her connectivity access. You will get an error saying, “Siri not available. You are not connected to the internet.” But you don’t care about that error because you have already bypassed the iPhone lock screen.

Other privacy holes remain

Also still an issue: Anyone can use Siri to read your new/unread text messages, send text messages and see your most recent phone call.

To do that, again prompt Siri to wake up using a finger not associated with the phone's authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Say, "Send a text message [person's name]," and Siri will let you dictate a message and send it. Say, "Show me recent calls," and Siri will display your most recent phone call.

Facebook privacy hole closed

Apple has closed the hole that allowed you to command Siri to post to Facebook. Now, she tells you she can't do it and gives you a button to open Facebook. You need to enter the passcode for the device to open the app.

Lock down your privacy

Until Apple patches the hole that lets you bypass the lock screen and let you command Siri, your best option is to disable Siri from the lock screen.

--------------------------------------

iOS 10.3.2

Apple still has not patched the hole allowing you to bypass the iPhone lock screen. As of iOS 10.3.2 (and the 10.3.3 beta), you can still trick Siri into getting into a person’s iPhone.

It works like this:

  • Press the home button using a finger not associated with your fingerprint authentication, prompting Siri to wake up.
  • Say to Siri: Cellular data.

Siri will then open the cellular data settings where you can turn off cellular data.

Anyone can do this—it doesn’t have to be the person who “trained” Siri.

By also turning off Wi-Fi, you cut off her connectivity access. You will get an error saying, “Siri not available. You are not connected to the internet.” But you don’t care about that error because you have already bypassed the iPhone lock screen.

Not only can someone trick Siri to turn off cellular data, but they can trick her to read unread text messages and post to Facebook—a major privacy issue.

To do it, again prompt Siri to wake up using a finger not associated with the phone's authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Or say, “Post to Facebook,” and Siri will ask you what you want to post to Facebook.

We tested this with a staffer’s iPhone 7, with someone other than the iPhone owner giving the commands. Siri let the person right in.

While we wait for Apple to patch the hole, your best option is to disable Siri from the lock screen.

--------------------------------------

iOS 9 lock screen bypass vulnerability

There are multiple bypass vulnerabilities which could allow an attacker to get past the passcode lock screen on Apple devices running iOS 9.

The details for four different attack scenarios were disclosed by Vulnerability Lab. It’s important to note that an attacker would need physical access to the device to pull this off; that being said, the advisory says the hacks were successfully executed on iPhone models 5, 5s, 6 and 6s as well as iPad models Mini, 1 and 2 running iOS 9 versions 9.0, 9.1 and 9.2.1.

Security researcher Benjamin Kunz Mejri, who disclosed a different method for disabling the passcode lock screen on iOS 8 and iOS 9 about a month ago, discovered the flaws. Vulnerability Lab posted a proof-of-concept video showing multiple new ways for a local attacker to bypass the passcode in iOS 9 and gain unauthorized access to the device.

“Local attackers can use Siri, the event calendar or the available clock module for an internal browser link request to the App Store that is able to bypass the customer’s passcode or fingerprint protection mechanism,” the disclosure states. The attacks exploit vulnerabilities “in App Store, Buy more Tones or Weather Channel links of the clock, event calendar and Siri user interface.”

There are four attack scenarios explained in the disclosure and demonstrated in the proof-of-concept video; each begins on an iOS device with a locked passcode.

The first scenario involves pushing the Home button to activate Siri and asking her to open a non-existing app. Siri responds that you have no such app, but she “can help you look for it on the App Store.” Tapping on the App Store button opens a “a new restricted browser window.” Either select update and open the last app, or “push twice on the Home button” for the task slide preview to appear. Swipe over to the active front screen task and that bypassed the passcode lock screen on iPhone models 5, 5s, 6 and 6s.

The second scenario is similar, first pushing on the Home button for two seconds to activate Siri and then asking to open the clock app. Switch to world clock in the bottom module and tap the image for the Weather Channel LLC network; if the weather app is deactivated by default, then a new restricted browser window will open which has App Store menu links. Click update and open the last app, or tap twice on the Home button to get to task slide preview. Swipe over to the active front screen and voila – passcode lock screen bypassed again; this reportedly works on iPhone models 5, 5s, 6 and 6s.

The third attack scenario works on iPad model 1 and 2, but basically follows the same steps as scenario two to bypass the passcode and gain unauthorized access to the device.

The fourth way to bypass the lock screen passcode involves forcing Siri to open by pushing the Home button and asking her to “open Events/Calendar app.” An attacker could tap the “Information of Weather Channel” link which is found at the bottom of the screen next to the “Tomorrow module.” If the weather app is deactivated by default, then a new restricted browser window opens with App Store links. Tap update and open the last app, or push twice on the Home button to bring up the task slide preview. Swipe over to select the active front screen and the passcode on the lock screen is bypassed.

Although the Apple security team was reportedly notified on January 4, there are no dates listed in the vulnerability disclosure timeline for Apple responding or developing a patch. Vulnerability Lab proposed the following temporary solution for users to harden device settings:

  1. Deactivate in the Settings menu the Siri module permanently.
  2. Deactivate also the Events Calendar without passcode to disable the push function of the Weather Channel LLC link.
  3. Deactivate in the next step the public control panel with the timer and world clock to disarm exploitation.
  4. Activate the weather app settings to prevent the redirect when the module is disabled by default in the events calendar.
Windows 7 to Windows 10 migration guide
  
Shop Tech Products at Amazon