Thursday, October 23, 2014

iOS 8 Security Flaw Makes It Possible to Bypass Touch ID and Passcode

YouTube user EverythingApplesPro has found a security vulnerability involving Apple's iOS 8 Touch ID and Passcode. On an iPhone running either iOS 8 or 8.0.2 that is plugged into a computer or wall charger, with the "Allow Hey Siri" setting activated, a glitch allows you to enter the iPhone unhindered. We've confirmed that it works.

The process is pretty simple but has a low success rate, at least in our attempts on an iPhone 6 and iPhone 5s. Essentially, you ask Siri a question on the lock screen. For example, we used "What's the weather like tomorrow?" As Siri's thinking up the answer, press the home button and swipe right and you may just slip past Apple's iOS 8 security defenses.

As the uploader warns, and as we can personally attest, it might take one, or two, or 30 tries until you get through, but we were able to accomplish the feat using the steps above on an iPhone 5s and iPhone 6 running iOS 8.0.2 after several rounds of querying. As far as vulnerabilities go it's probably not that dangerous; it demands a very specific set of requirements, and a situation where you're likely to be near enough to your phone to prevent anyone from accessing it in the first place. Still, security that works all the time is better than security with holes in it. Hopefully iOS 8.0.3 is coming soon with a fix.

We've reached out to Apple concerning the issue and will update if and when we hear back.

