Siri Can Share Messages From Third-Party Apps On Locked Phones


When iOS 11 debuted, Apple allowed iPhone users to have more privacy by letting them hide notifications on their lock screen until they unlocked their phones with Face ID or Touch ID. But that security measure can apparently be circumvented through Siri, Mashable reported.

To learn the contents of notifications — such as messages sent through third-party messaging platforms —someone in possession of an iPhone could simply ask Siri to read them. Through a test, Mashable was able to get Siri to read hidden messages from WhatsApp and Signal on the iPhone X and the iPhone 8 Plus models running the newest iOS.

According to Mac Magazine, that vulnerability also applies to devices that run iOS 11.3 beta. In addition, the flaw affects other apps, such as Telegram and Skype. But Apple’s own messaging app does not appear to have that issue.

In 2016, Apple iPhone users were reportedly being tricked into spilling the beans on all their personal information, including text messages, emails, browsing history and photos, and they had Siri to blame.

According to a report by Forbes at the time, there were several steps involved in tricking Siri into divulging information on the phone. The first thing bad guys had to do was determine the phone number of the iPhone, which Siri can provide. They then had to place a phone call from another phone, which was answered with a text reply.

Instead of entering a message, Siri was asked to engage in some action, such as enabling VoiceOver. The feature allowed people to interact with iOS via gestures. This security hole could have allowed hackers to steal credit card data, infiltrate backups and access Apple’s Keychain password manager, where passwords and other authentication data is stored.

While that report may not have sent Apple iPhone users running to the hills, there were growing indications that Apple was an increasing target for hackers. In Sept. 2016, Elcomsoft, a Moscow-based security company, said iOS 10 was very susceptible to a “brute force attack,” where hackers automatically might have tried a continuous number of password combinations until they unlocked the right one.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.