Monday, February 10, 2025
HomeMobile AttacksUnlock Iphone with Siri - Without password

Unlock Iphone with Siri – Without password

Published on

SIEM as a Service

Follow Us on Google News

Unlock Iphone with Siri : Password are the basic level of validation with smartphones, it will acts as a defence for our sensitive data.

In the post we are to see how easy to break this password if you are having an Iphone, because of an bur with Siri.

Steps to bypass the Authentication

Step1 : Dial the Targeted Phone number.

Step2: In the targeted phone click message icon and choose to send an custom message in responding to the call.

Step3: Siri need to be activated by long-press the home button, and tell the phone through siri “Turn On VoiceOver” . VoiceOver is a gesture-based screen reader that lets you enjoy using iPhone even if you don’t see the screen.

Step4: Return to the message screen and double-click on the bar where the contact info is displayed, and immediately click on the on-screen keyboard. This may take multiple attempts to get the timing right, but you will know you’ve succeeded when you see the “Photo” icon and other options slide in from the side above the keyboard.

Step5: So now we can ask Siri to disable “Turn On VoiceOver” , now come back to message and simply type first letter of the caller ID in top bar, then tap Φ icon which help us to add/edit contacts.

Step6: Now can select photo to set for contact “yes now you are victim gallery you can see all photos”, but still the phone is locked.

Step7: Also you can select any contact and you can see all the information’s like a boss.

For an Vedio Demonstration :

How to stay Secure

Until Apple releases you can disable Siri for Lock screen or Restrict Siri in accessing photos.

To disable Siri for lock screen Settings → Touch ID & Passcode and Disable Siri on the Lockscreen

To remove Siri access for Gallery Settings → Privacy → Photos

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

CISA Released Secure Mobile Communication Best Practices – 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to...

Ghost Tap Attack, Hackers Stolen Credit Card Linked To Google Pay Or Apple Pay

Threat actors are exploiting a new cash-out tactic called "Ghost Tap" to siphon funds...

HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data

The HookBot malware family employs overlay attacks to trick users into revealing sensitive information...