2014/05/07

iOS 7.1.1 Newest Flaw – Attackers Can Skip the Lockscreen to Text or Call Contact

It exposed that newest iOS 7.1.1 lets anyone to access iPhone without passcode, only by asking Siri to Call, Send Messages, Email and so on.

The exploit was a discovered by Sherif Hashim, an Egyption neurosurgeon, and works on devices running iOS version 7.1.1 with the Siri service available from the lock screen. By activating Siri and giving her instructions to make a call or send a text, followed by inputting a single letter and selecting "other" from the available options, users can then gain access to the full contents of the device's content list as well as make calls and send or read texts and emails.

iOS 7.1.1 flaw/vulnerability

Risks are Big


The risks are pretty big, considering that a person’s contacts list is one of the most personal forms of data residing on a mobile phone.

Another security issue in iOS 7.1.1 does with email attachments. Discovered by security researcher Andreas Kurtz, the issue at heart is that Mail.app lacks a layer of protection for email messages attachments, one that Apple claims to offer.

How to Avoid the Attack by Siri Flaw


However, you have a choice to avoid this issue on your iPhone, that is, to disable the option to have Siri accessible from the lock screen.

In some cases, the security of the OS has been so weak that people were able to access photos, emails, and even text messages.

This is not the first time Apple has to deal with a passcode lock flaw. And although Apple prides itself on taking security matters very seriously, the company has always been slow to address such vulnerabilities both on mobile and on desktop platforms.

With almost every new iOS release, hackers and amateurs alike have found ways to trick the phone into thinking that the user has entered the passcode and gain access to its contents.

Apple Will Deal with the Issue Seriously, Perhaps in iOS 7.1.2


Every time there exposed a security problem of iOS, Apple will resolve it as quickly as possible. For example, the aforementioned Mail.app flaw was reported to the Mac maker about a month ago, and the company has yet to issue a patch.

Similarly, on iOS whenever someone finds and reports a security hole, Apple takes its time in developing a patch. Although it is understandable that it takes time to get things right, working up an update for a couple of bugs shouldn’t be such an ordeal.

Apple will need to patch this bug in a future iOS update, perhaps in iOS 7.1.2 which is said to be launched within this month. So we should expect the exploit to be patched out in the very near future.

Conclusion


Though risks come out, we cannot ignore and disclaim the capability and productivity of Apple developers. We benefit more goods than risks from iOS devices – iPhone, iPad, iPod. Wait for the patching of this bug.

Extra Info about Dealing with iPhone Problems


ReiBoot: Enter and Exit iPhone Recovery Mode with one click, help reboot iOS devices after update. Also bypass forgotten lockscreen passcode. Mac users please switch the page to Mac version.

iPhone Data Recovery: Recover iPhone lost data with 3 strategies -  Recover data from iOS devices without backup & Restore iPhone Lost data from iTunes/iCloud backup. Supported all iOS devices: iPhone 5s, 5C, 5, 4S, 4, 3GS; iPad Air, iPad mini with Retina Display, iPad 4, 3, 2, and iPod Touch, etc.



No comments:

Post a Comment