Until we had a long time here we were not dealing here with some critical flaw in iOS, but it is.
A Reddit user today released a way to use the Crab on the iPhone's locked screen to disable cellular data very, very easily.
Typically, the command to do this would be something like "Disable cellular data". If you ask for Siri in this way, she will correctly ask you to unlock the iPhone or that, of course, you have called her using an authenticated finger on the Touch ID. However, here's what happens if you simply say "Cellular data" to her:
Even with the iPhone locked, Siri informs that the cellular data is activated and below it shows the "switch" on / off which, surprisingly, works without problems.
Much is questioned about the fact that it is simple for a thief, for example, to activate Avio Mode on the iPhone simply by pulling the Control Center through the locked screen. Still, anyone who does not want to take this risk can easily disable Central access via the locked screen in Settings.
The big problem is that the same bug above also works with other settings, like the Airplane Mode itself or Wi-Fi:
Let's hope that Apple can close these loopholes remotely, on Siri's own servers, without needing an entire iOS update itself.
While she doesn’t do this, if you don’t want to take that risk, the way, in addition to disabling the Control Center on the locked screen, do the same with Siri by deselecting the option “Access When Locked” in Siri Settings.