A Conspiracy Theory About Apple’s Assistant Siri :)

 

On April 5, 2016, Apple showed the world that the Siri permissions (Siri access levels to your iDevice) can be changed remotely at any time, server-side:

Via @washingtonpost:  An Apple spokeswoman confirmed that the bug was fixed Tuesday morning. Most consumers should have a fix in place – without the need for a software update.

Over time, Apple has quietly prevented several Siri  “features”  by server-side, remotely, so at any time can be opened and closed again, in case of… , without your knowledge, and you would never know.

Even, server-side Apple can give Siri unrestricted/unlimited access to our iDevices; an “authorized” person could get full access to any iPhone in the world by asking Siri with a specific secret voice command that could be changed at any time.

Could Siri be used like a backdoor?

Still at present,  Siri shows all reminders and events in calendar, and allows add, modify and delete, without asking for passcode.

 

 

Would not you like to keep private your tasks, dating, medical appointments … no losing the power of Siri on lockscreen?

I think would be great a handful of switchers on Settings – (Touch ID &) Passcode – Siri ; We could choose what Siri does and what not when our iDevice is passcode-locked, gaining privacy without giving up Siri on the lockscreen.

 

Advertisements

Amazing Siri Feature still working in iOS 9.3

Over the years, Apple has quietly prevented some features that Siri allowed without the need to enter the passcode, such “Siri read Notes aloud, and allows add text to any note”, like showed in this video:

Or as with this other feature that Siri shows recent calls and contacts:

Even as in this video in which Siri shows 25 contacts and allows call them although voicedial deactivated:

Apple even has opened CVE’s for some Siri security issues, like the CVE-2015-5892: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen.
Apple still has not stopped one amazing Siri “feature”. Today in iOS 9.3 , from the lock screen Siri shows all reminders and events in calendar, and allows add, modify and delete, without asking for passcode:

Siri helps, also to hijacking your WhatsApp.

If ask Siri your contact phone number, or by typping *#5005*74663# in the emergency dialer from the lock screen, in a few minutes, anyone with physical access to your iPhone (or remotely by accessing your voicemail) can take control of your WhatsApp account, without knowing your passcode, and thus obtaining from the groups the phone number of participants and …

If someone steals your device and knows your phone number, can hijack your WhatsApp by installing it in another device and asking for the verification call. Each new login increases the timeout to you can get back your WhatsApp, therefore, depending on how many consecutive logins made before you recover your phone number, your WhatsApp could get hijacked for minutes or several days.

And, once the attacker has taken control of your account, what if the process is done with WhatsApp Web, just to spy?

WhatsApp should use a more secure login?? … a two-step verification, or configuring a security question in the first login, or a PIN code, or that besides the phone number, ask for an email or something else… What do you think? How would you feel if someone hijacks your WhatsApp for a few minutes …or days?

( I think mostly instant messaging apps need a 2-step verification process and longer waiting time to proceed with the verification call. )

If your iPhone is misplaced, I think better not having Siri enabled on lock screen; the bad side is that you are discarding (among many other great things that Siri can do for you) the possibility that whoever finds your iPhone can give it back to you asking your information to Siri, but someone asking Siri could get much more than the owner’s identity.

Siri reads all notifications aloud, even those that you had blocked in the lock screen, allowing for example the person who steals your iPhone can check a SMS/Mail verification code to login in your WhatsApp / Line / Telegram… or any other online service, from another device.

Also, maybe you have apps that could show private or sensible notifications on lock screen, so maybe you would like to disable “Show on Lock Screen” for a particular app in Settings – Notifications, and even turn off the “Notifications View” in Settings – (Touch ID &) Passcode, for Not allow access when locked, but if ask Siri, will read all notifications aloud, including which are not allowed on the lock screen.

( I think would be great a handful of toggles on Settings – (Touch ID &) Passcode – Siri ; We could choose what Siri does and what not when our iDevice is Passcode Locked, gaining privacy without giving up the power of Siri on lockscreen. )

Recommended Read: “How Easy Is It To Hijack A Whatsapp User’s Account?” (by Kevin Costain) http://blogging.cwl.cc/2013/02/how-easy-is-it-to-hijack-a-whatsapp-user-account.html