A neurosurgeon/hacker (crazy, right?) by the name of Sheif Hashim recently discovered a security flaw in iOS that allows easy access to your phone’s contacts through Siri. Here’s how the trick works.
- Bring up Siri.
- Tell her to “Call,” “Text,” or “Email.”
- Siri will then ask you who you’d like to contact. At that point, click “edit” in the upper right-hand corner.
- You can now enter any name in the contacts, which gives you access to any number on that person’s phone.
But this little exploit gets even worse, according to our friends over at TechnoBuffalo:
“If your address book is set up in a specific way, you can edit your Siri request to say ‘Call a’ (or any other letter), which will then bring up contacts with the letter ‘a’ as their first or last name. You’ll get a list of those contacts, along with an ‘Other’ option, which will then allow you to bring up that phone’s entire list of contacts.”
It looks like the only way to prevent this right now is to simply disable Siri on your phone. We hope that the guys at Apple fix this soon because this can be a very serious issue.