Ready for another dose of the good old "we are not safe, run for the hills while there is time"? Well, let's go. Once again, we have the whole YouTube channel at the epicenter of the thing EverythingApplePro, which has already appeared here twice this week on the first frying a brand new MacBook Pro, on the second detecting a bizarre flaw in the iPhone 7/7 Plus camera.
Now, the most serious thing: the channel discovered a breach relatively easy to be explored, good to note on iOS that allows anyone to have access to all photos and messages from a given device. Yes, even if it is blocked with a password or Touch ID.
The only prerequisite for the invasion to work is that the device in question has activated Siri on the Locked Screen; the user must also have the phone number or FaceTime contact of the device to be hacked, as it is necessary to make a call to the device.
Basically, the invasion happens by clicking on the ?Message? button that appears on the screen when the call is being received. The attacker selects the option ?personalized message? and requests via Siri that the assistant turn on the VoiceOver feature. On the compose screen, it is necessary to double tap the recipient's field and then the keyboard to activate the editing of this area (the bug in question is explored in this case).
Then, VoiceOver is turned off by Siri and, back to the recipient's field, any letter is typed to see the corresponding results. To see the conversations with any contact, just select it; to access the photos of iDevice, it is necessary to click on the information button of any contact, on the right, select the option of ?create new contact? and go to ?add photo? there will be all the images of the device, without having to authenticate with password at any time (the lock, including , is present at the top of the screen).
The channel managed to reproduce the breach on an iPhone 7 Plus running the latest iOS 10.2 beta, which means that Apple is not yet aware of the problem. An iPad has also been successfully hacked; It is more problematic to realize that the flaw was already present in iOS 8, as shown in the video, and can be replicated even on an iPhone 4s that does not support iOS 10, that is, either to be unprotected forever or to force Apple to launch a new / unexpected update for iOS 9, the latest available for the device.
While Ma does not release an official solution to the problem, the only way to protect yourself from evildoers is to disable Siri on the Lock Screen of your iOS device in this way, it is not possible to activate VoiceOver, which is a fundamental part of the trick. Stay tuned!
(via Cult of Mac)