The Internet has exploded recently over reports claiming that evildoers can trick Siri, Apple’s digital assistant, into giving them access to your iPhone without entering your passcode. But our own testing confirms that these claims aren’t just exaggerated; they’re hilariously mistaken and wrong.
Posts warn against the “terrifying new way” that teh haxxorz can get into all of your secret data, but the people reporting on and testing the supposed methods are really just taking a really long path to unlocking their own phones normally.
Reporters and YouTubers say that from the lock screen, you can hold down the Home button to activate Siri. If you ask Siri what time it is, you can tap on the clock icon that appears to get to that setting screen. You could also just get there from swiping up from the lock screen to get to the Control Center and tapping on the clock there, but it’s not our super-secret hacking method.
Once you have nefariously tricked Siri into giving you access to the iPhone’s vulnerable clock, reports claim, you can go to the Timer tab and hit “When Timer Ends.” At the top of the next screen, you can hit “Buy More Tones,” which will take you to the iTunes Store, and from there, you just need to hit the Home button again, and you’re in.
We’ve seen variations. One YouTube video includes a laughably circuitous method that has you going through the Clock app’s World Clock tab and then sharing selected, arbitrary text with a contact that you create specifically for this.
But here’s what we think is actually happening: Regardless of what other arcane wizardry they claim to be performing, the testers are activating Siri using the thumb they’ve tied to Touch ID. In other words, their phones are unlocked as soon as they turn on the digital assistant. After that, they’re just doing a bunch of random crap before they go back to their home screens.
“I’ll preface this with a warning that I tried this trick a number of times, and although we were overwhelmed that it worked the first time, the phone seemed to wise up to my wily ways after that and didn’t work so smoothly,” a reporter at Cosmopolitan UK says. “But it’s worth a try, nevertheless.”
This article supposes that the iPhone has some kind of weirdo “everybody gets one” rule that only lets you break into someone’s phone a single time, so make it count, people. What we think is more likely is that the writer used different fingers in subsequent attempts.
If your phone doesn’t require Touch ID to unlock, we’ve identified another setting that might lead some people to think that their phones are vulnerable. Go to Settings > Touch ID & Passcode > Require Passcode, and you can set how long your device will sit idle before it asks for some verification. You can choose “Immediately” or set a delay of one, five, or 15 minutes, an hour, or four hours.
But here’s the important part: Having anything there but “Immediately” means that all of the reported methods will unlock your phone, but so would just swiping right from the lock screen.
Apple has said as much in reply to these reports, but it bears repeating. If you activate Touch ID or set an immediate requirement for your passcode, none of these methods will work for anyone else. Besides, if all of this were true, we’re pretty sure that the FBI would have been doing it this whole time.