Siri could read WhatsApp messages in iOS 11.0.3

Originator: backdoor.army
Number: rdar://6468254624
Date Originated: 10/27/2017
Status: Closed
Resolved: Resolved
Product: iOS
Product Version: 11.0.3
Classification: Bug
Reproducible: No
 
Title: Siri could read WhatsApp messages and no blue tick in iOS 11.0.3

Aim: Recreate a scenario to observe the iOS 11.0.3 bug involving Siri, which enables unauthorized personnel to read messages on a locked iPhone with notifications disabled.
 
Required: 2 iPhones, both loaded with iOS 11.0.3 (iPhone 5S and iPhone 6)
 
Experiment steps: 
1) Disable fingerprints for iPhone A.
2) Turn off notifications from WhatsApp/iMessage.
3) Send a message from iPhone B (let’s say saved as Mike) to iPhone A.
4) Open Siri without unlocking iPhone A.
5) Say: “Read the last message from Mike” to iPhone A.
6) The result will be Siri reading out the message if a message has been received, even though iPhone A is locked. If there is no new message, Siri reads out: “There are no new messages”
7) The victim cannot find out or realize that all of his unread messages have been disclosed, and all those messages still remain unread (as they were).
 

The video for this vulnerability test can be found at the link below:

https://m.youtube.com/watch?v=InTR22W3glw&feature=youtu.be
 
Conclusion: 
From the above test, we observed that this bug poses a huge risk to iOS 11.0.3 users’ information security and privacy. It can lead to a leak of the user's private information to an unauthorized person.

Researchers - Yash

Comments

Latest iOS Software

Since this issue does not affect the latest version of iOS, it doesn't really matter. Update to iOS 11.2.6 to fix this issue.

