Demo appears to show iOS 8 has Siri-based security bug

YouTube blogger posts video of access to locked iPhone 6, without passcode, TouchID entry

Tags: Apple IncorporatedUSA
  • E-Mail
Demo appears to show iOS 8 has Siri-based security bug The blogger could only vouch for the bug’s presence on an iPhone 6.
By  Stephen McBride Published  September 29, 2014

Apple Inc's iOS 8.0 and 8.0.2 contains a sporadic security glitch that allows the TouchID and passcode to be bypassed on an iPhone 6, a YouTube-based tech blog claimed today.

EverythingApplesPro posted a five-minute video in which the newly released variant of iOS 8 appeared to allow access to a locked iPhone 6.

Apple released iOS 8.0.2 as a fix for minor release 8.0.1, which caused dropped calls and disabled TouchID for some users.

In the video, the blogger demonstrates he is using 8.0.2, but says the flaw is also present in 8.0. He then enables Apple's voice-interface assistant Siri and new setting "Allow ‘Hey Siri'", which permits the phone to be woken up (while connected via cable to a power source) by the user saying "Hey Siri".

The blogger enabled both TouchID and passcode, but said either on its own would also expose the flaw. It took him several attempts to demonstrate the flaw, but after locking his iPhone 6, he said "Hey Siri" and then, after Siri woke up the phone: "How's the weather like going to be today [sic]?"

Once Siri responded to the question, the demonstrator hit the home button and swiped the screen to enter the passcode. On the first few attempts the keypad appeared, prompting entry of the passcode, but on one occasion the user appeared to swipe and enter the home screen without any need for a passcode. He then demonstrated that passcode was still enabled.

While admitting that the setup was "challenging", as the phone had to be connected to power and the glitch did not occur every time, he urged YouTube denizens to spread the word so Apple might fix the flaw in the next update.

The blogger said he could only vouch for the glitch in an iPhone 6.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code