IOS privacy bug causes Siri to read “hidden” notifications on the locked screen

As much as Apple and any company on the market tries to keep their operating systems free from bugs, it turns and moves some. And that is part of the life of any software, after all, there is no perfect code.

THE Crab, for example, she has already been caught doing things she shouldn't, like giving access to the entire contact list and allowing several iPhone settings to be changed even with the device locked. All of this, of course, has already been duly corrected by Apple.

This week, however, the reader Danilo Finardi he contacted us informing that he had discovered a new security / privacy breach in Ma's virtual assistant. Danilo told us that he rides a motorcycle and that, therefore, he uses Siri with a certain frequency to order music and make calls. On a certain day, he was waiting for a call and asked Siri if there was any new notification on the iPhone. And the thing that complicated

Before we go into the details of the bug, it is worth a brief explanation of how notifications work on iOS 11 / iPhone X. Check out our video below:

In a nutshell, now we can leave the “hidden” notifications on the locked screen until the iPhone is properly authenticated (either via Face ID or Touch ID) that is, the preview of a message / notification only appears to the owner of the device, whenever we want.

It turns out that by ask Siri read your notifications on the locked screen (without authenticating), she simply reads and goes through absolutely everything, including those that are “hidden”!

Since the content of these messages is not appearing on the iPhone screen, it is clear that Siri should not have access to it. After all, anyone can pick up their phone, see that there are "hidden" notifications and ask Siri to open his mouth, exposing all the content that was previously protected.

Do the test yourself, regardless of the version of your iOS (we are here at 11.2.6, but we confirm that the bug also exists in iOS 11.3, which is in the testing phase): ask a friend / family member to send you a message through your favorite app (it could be WhatsApp, Telegram, Skype doesn’t matter) and then say “Hey Siri, read my notifications” to see what happens. Obviously, make sure that the service notifications in question are set to only appear with the device unlocked in Settings Notifications (App in question) Previews, choose the option “When Unlocked (Standard)”.

THE only exception in this story all the very Posts (Messages) native. For some reason, iOS does not interpret messages it receives as notifications, so the only way to hear them is by asking Siri to read your messages. Yes, in this case the system correctly requires the iPhone to be authenticated via Face ID or Touch ID before proceeding.

O has already reported the Apple problem through the Bug Reporter tool. We hope that the problem will be resolved in future versions of iOS; meanwhile, if you don't want to risk it, you can disable Siri on the locked screen by going to Siri and Search Settings and unchecking the “Allow When Blocked” option.