Siri is the intelligent personal assistant feature installed on iPhones.
So what exactly can a malicious minded person do in the device?
Related News : Lockscreen of iPhone’s iOS 7 can also be bypassed.
According to Cenzic researchers, Abhishek Rahirikar and Michael Yue, the flaw will allow :
- make phone calls
- send messages and emails using the device owner’s identity
- view call history
- view certain contacts
- gain access to personal information
- make posts on Twitter and Facebook
- and retrieve addresses saved in Apple Maps.
The security researchers however said that it only can be applied if the attacker has direct access to the device. They then recommended to disable the feature ‘SIRI’ or try to not hand iPhone running iOS7 to people that can not be trusted.
Currently, Cenzic calls on Apple to take a look on these vulnerabilities and solve them as soon as possible. Proof of concept is embedded above.