What happens to roaming after Brexit?

Siri bug reads your private messages even when iPhone locked

By:
On:Monday, 26 March, 2018

It’s not the first Siri bug we’ve ever seen but a newly uncovered security flaw in iOS 11 makes the silver-tongued voice assistant read iPhone messages to strangers from the lock screen.

Apple’s latest update for iPhones was supposed to win back disgruntled customers, bringing new fixes to the controversial battery issue, and a crowd of friendly Animoji to win users over.

However, it’s also brought a nasty new Siri bug to iPhones – one that can seriously compromise your security.

The exploit is also worryingly simple to activate, meaning almost anyone can get your Siri to spill out the contents of your phone for the world to hear.

How does the Siri bug read private messages?

Easy. You just ask her.

A Brazilian magazine discovered this rather obvious hole in iOS 11, which is opened up by an awkward collection of mostly default settings that are enabled on most users’ iPhones.

The exploit arises from the following combination of menu options:

  • Siri is turned on
  • The “Hey Siri” keyword is turned on
  • Lock screen restrictions are disabled
  • An installed messaging app has Notifications turned on
  • Messages are set to Show Previews When Unlocked

As you can see, this is a pretty typical setup for many users – taking advantage of most of the convenience afforded by an iPhone.

When working properly, Siri won’t be able to access any features of your phone that are behind the lock screen (which is most of them).

However, iOS 11 Siri seems to ignore the “Unlocked” part of Show Previews When Unlocked, and will display your messages without any need to unlock your phone first.

WhatsApp and Skype are some of the messaging apps that suffer from this bug. Apple’s own messaging app, Messages, is apparently unaffected by the problem.

Apple is currently working on a fix for the loophole. Until that happens, here are some things you can do to shore up your iPhone:

  1. Turn off Siri features on the lock screen from the Touch ID & Passcode menu.
  2. Turn off Show Previews from the Notifications menu.
  3. Turn off Alerts that Show on Lock Screen for your messaging apps – again found in the Notificationmenu.

Alternatively, if you don’t think Siri is worth the trouble, you can just turn her off altogether.

MAIN IMAGE: Johan Larsson/CC BY 2.0

By:

Samuel Newman is a consumer journalist and blogger based in Sheffield.
Back To Top