No, Siri won’t let people break into your iPhone


Siri interrogation video The Daily Show
Siri don't snitch.
Photo: Comedy Central

The Internet has exploded recently over reports claiming that evildoers can trick Siri, Apple’s digital assistant, into giving them access to your iPhone without entering your passcode. But our own testing confirms that these claims aren’t just exaggerated; they’re hilariously mistaken and wrong.

Posts warn against the “terrifying new way” that teh haxxorz can get into all of your secret data, but the people reporting on and testing the supposed methods are really just taking a really long path to unlocking their own phones normally.

Reporters and YouTubers say that from the lock screen, you can hold down the Home button to activate Siri. If you ask Siri what time it is, you can tap on the clock icon that appears to get to that setting screen. You could also just get there from swiping up from the lock screen to get to the Control Center and tapping on the clock there, but it’s not our super-secret hacking method.

Once you have nefariously tricked Siri into giving you access to the iPhone’s vulnerable clock, reports claim, you can go to the Timer tab and hit “When Timer Ends.” At the top of the next screen, you can hit “Buy More Tones,” which will take you to the iTunes Store, and from there, you just need to hit the Home button again, and you’re in.

We’ve seen variations. One YouTube video includes a laughably circuitous method that has you going through the Clock app’s World Clock tab and then sharing selected, arbitrary text with a contact that you create specifically for this.

But here’s what we think is actually happening: Regardless of what other arcane wizardry they claim to be performing, the testers are activating Siri using the thumb they’ve tied to Touch ID. In other words, their phones are unlocked as soon as they turn on the digital assistant. After that, they’re just doing a bunch of random crap before they go back to their home screens.

“I’ll preface this with a warning that I tried this trick a number of times, and although we were overwhelmed that it worked the first time, the phone seemed to wise up to my wily ways after that and didn’t work so smoothly,” a reporter at Cosmopolitan UK says. “But it’s worth a try, nevertheless.”

This article supposes that the iPhone has some kind of weirdo “everybody gets one” rule that only lets you break into someone’s phone a single time, so make it count, people. What we think is more likely is that the writer used different fingers in subsequent attempts.

If your phone doesn’t require Touch ID to unlock, we’ve identified another setting that might lead some people to think that their phones are vulnerable. Go to Settings > Touch ID & Passcode > Require Passcode, and you can set how long your device will sit idle before it asks for some verification. You can choose “Immediately” or set a delay of one, five, or 15 minutes, an hour, or four hours.

But here’s the important part: Having anything there but “Immediately” means that all of the reported methods will unlock your phone, but so would just swiping right from the lock screen.

Apple has said as much in reply to these reports, but it bears repeating. If you activate Touch ID or set an immediate requirement for your passcode, none of these methods will work for anyone else. Besides, if all of this were true, we’re pretty sure that the FBI would have been doing it this whole time.

  • CelestialTerrestrial

    Here’s the only way I can think of that might work. First, they have to have a back up, if the back up is on iCloud, then they could just do a hard reset to the phone, use a new password to enter on the device and then have Apple reset the Apple ID password, since it’s LE that’s requesting and then restore from back up. Would that not work? I believe the FBI screwed up in that they changed the Apple ID password before they had a back up and I think that’s why the FBI screwed up on the 5C. From what I remember from the hearings, Apple told them to take the 5C back to the user’s house and have it perform an automatic backup to the Cloud, now if they didn’t have iCloud setup to perform backups, then they might be kinda screwed.

  • DrMuggg

    oh the stupidity….Why can’t people use their spare time to something useful instead….