Soon after Apple’s iPhone 5s came on the market with the Touch ID fingerprint sensor for biometric authentication feature, a security research group “hacked” it. It seems that by using the new exploit for iOS 7.1.1. the Touch ID sensor and passcode can be easily bypassed.
On YouTube, a new video has gone viral regarding this subject providing a full tutorial on how an iPhone 5s’ security lock can be bypassed without swiping the Touch ID sensor or having to input the 4-digit passcode locking the device. The video shows clearly how someone can access the contact list from an iPhone 5s only by using voice-commands via Siri.
Also, there are rumors regarding this reported exploit according to which the iOS 7.1.1 lock screen vulnerability affects other iOS devices. According to it users can bypass the passcode to access the contact list and even edit,copy and share the contacts with others. For now these will remain at the stage of rumors due to the fact that there is no confirmation if other iOS versions are vulnerable to this bug.
In the first part of the video (by Sherif Hashim) it can be seen how Siri asks for the passcode when trying to access “Contacts” on the locked iPhone 5s. Things take a turn when the user gives the voice-command “Call” – the program does his job and asks whom to call and gives access to an on-screen keyboard where one can search freelythrough the Contact list by tapping on ‘Others’ option.
This exploit was also verified by NDTV Gadgets on an IPhone 4s running the same iOS (7.1.1). The behavior was almost the same as the one before: bypassed the lock screen, issued a specific Call voice-command to Siri that included a first name or last name of a contact that was featured in the iPhone’s address book more than once. After the voice command was given, a list of contacts (that matched the spoken name) was available along with the Call Other option (which provided other possible matches).Inevitably, when Call Other option was selected full access to the contacts database was established. No need to say that any of the contacts could be directly called from the lock screen.
The irony comes at the end of Hashim’s video where he gives a simple solution for the users: to keep “Siri” voice-assistant switched off. These been said, Apple didn’t made any statements regarding the issue until now but we can assume that this problem will be solved in an upcoming iOS update, possibly iOS 7.1.2.
I also tried to hack my iPhone 5S and Yes, it is working you can see it below guys: