Apple has already fixed the latest Siri exploit

Well, that didn’t take long.

Just one day after reports came out of a Siri exploit that left iPhone 6s and 6s Plus users’ photos and contacts accessible without a passcode, Apple has adjusted its digital assistant’s behavior to close the hole.

News of the gap came out Monday, and while it didn’t affect every iPhone in the wild, it was nonetheless pretty alarming. Someone could use Siri to get into a device’s information with a Twitter search from the lock screen and the 3D Touch functionality, which lets users quickly add contacts by pressing firmly on e-mail addresses and phone numbers.

As YouTuber John Rodriguez demonstrates in his video below, all someone needed to do was find a Twitter account that includes some contact information and then use 3D Touch to bypass the lock-out.

But now that Apple has removed the Siri exploit through a server-side update, the digital assistant will prompt you to enter your passcode or Touch ID before it will do a Twitter search from the lock screen. If you own an iPhone 6s or 6s Plus, you don’t have to download or update anything; the fix is already in place.

The incredibly specific nature of the “hack,” and the fact that the settings that allowed it to work are switched off by default, further reduced the number of vulnerable phones, but it’s good that Apple has taken such quick steps to repair the issue. Now we can rest for a little while before someone else discovers a way to trick Siri into giving up our precious data.
