YouTube user EverythingApplesPro
has found a security vulnerability involving Apple’s iOS 8 Touch ID and
Passcode. Using either iOS 8 or 8.0.2 while your iPhone is plugged into
a computer or wall charger, with the “Allow Hey Siri” setting
activated, a glitch allows you to enter the iPhone unhindered. We’ve
confirmed that it works.
The process is pretty simple but has a
low success rate, at least in our attempts on an iPhone 6 and iPhone 5s.
Essentially you ask Siri a question on the lock screen. For example, we
used “What’s the weather like tomorrow.” As Siri’s thinking up the
answer, press the home button and swipe right and you may just slip past
Apple’s iOS 8 security defenses.
As the uploader warns, and as
we can personally attest, it might take one, or two, or 30 tries until
you get through, but we were able to accomplish the feat using the steps
above on an iPhone 5s and iPhone 6 running iOS 8.0.2 after several
rounds of querying. As far as vulnerabilities go it’s probably not that
dangerous; it demands a very specific set of requirements, and a
situation where you’re likely to be near enough to your phone to prevent
anyone from accessing it in the first place. Still, security that works
all the time is better than security with holes in it. Hopefully iOS
8.0.3 is coming soon with a fix.
We’ve reached out to Apple concerning the issue and will update if and when we hear back.
via Blogger http://ift.tt/1Cz7qfQ