iOS 7 Security Flaw Bypasses Lock Screen, Contact List Vulnerable

It is starting to look as though iOS 7 has its fair share of security issues, with reports of a bug that left email attachments unencrypted surfacing last week. While Apple has worked on a fix to this particular issue, another bug has appeared – it is as though one is trying to plug leaks on a sinking ship, although iOS 7 is far from such a situation at the moment. Egyptian neurosurgeon and part-time security researcher Sherif Hashim claims that there lies a flaw in iOS 7’s Siri voice assistant which would enable anyone to bypass the iPhone lock screen and access the contact list.

How does this flaw work out? The YouTube video shows that the TouchID fingerprint scanner works well enough to prevent unwanted access, but when Siri is activated, that is when a chink in the armor is found. The phone’s contact list can be accessed simply by saying “contacts”, and Siri will respond that it needs to be unlocked, before Hahim hits cancel and asks Siri to call a contact. This would result in the whole contact list surfacing, letting Hashim view and call anyone on the list without any issue.