Siri Bypasses Passcode Prompt with Timer App

Update: Initially, Apple disregarded it as a non-issue. A few weeks later, I received an email asking for a video and more information. They asked me not to talk about it while it was being investigated, so it seems they took this seriously. However, they eventually stated it was working as intended and reiterated that I should use the "Immediately" setting if I was concerned. I was disappointed, but I can no longer reproduce this after iOS 6 was released. 

When the iPhone 4S was released, there was some complaints about Siri allowing a user to use the service without the passcode. You can check your calendar, make a phone call, etc. even while the phone is locked. That's not good, but at least Siri can't show anyone your files or give them access to your apps. Apple also provides you with the option to disable Siri when the phone is locked.

I stumbled across a slightly different issue today. By using Siri, I was able to bypass my passcode prompt and get to my homescreen. I reported the issue to Apple via email. Here is that email.


It is possible to get beyond the passcode lock without the code by using Siri and the timer app. While the iPhone 4S is locked, hold the home button to activate Siri. Instruct Siri to set a timer for two minutes (the minimum for this to work) and wait. While waiting, let the phone turn off the screen and lock. You can use a kitchen timer when the screen turns off.

Once the timer is almost to zero:

1. Turn the phone on

2. At the last second, swipe to unlock

When the timer is complete, the pop-up notification takes you to the homescreen, bypassing the passcode lock.
Here are the conditions I had to use to reproduce it:

1. The phone must turn itself off during the timer's duration, so my phone was set to turn off after 1 minute.
2. The phone must lock itself, so the passcode was set to 1 minute.
3. You have to swipe at the last second, so an external timer is necessary.

I'm not 100% certain the phone has to turn itself off, but I can confirm that setting the passcode lock to lock "Immediately" resolves the issue.

This can be easily reproduced using an iPhone 4S running iOS 5.1.1.
I stumbled into this by making coffee. I had Siri set a two minute timer for my Aeropress. When I went to unlock the phone to check the timer, it had just hit zero and I was surprised to see the phone kick me to the homescreen. I had to reproduce this madness immediately.

Normally I let my phone lock itself after 15 minutes, but that was too long to wait. I set the phone to lock after one minute and shut-off after one minute. I then set a timer for two minutes, from the lock screen, using Siri. I let the phone turn-off itself and watched my microwave's timer to see the rest of the countdown.

Every single time, the phone would kick me to the homescreen if I swiped to unlock as the timer ended.

Instead of the regular lockscreen notification, you see the full iOS bubble alert with the OK button. You are then taken to the homescreen

I have not done any extensive testing to see if the phone must lock itself, or to see if any other variables can be changed or dropped. I can say that setting the passcode to lock 'Immediately" seems to fix it.

### If you enjoyed this article, please consider leaving a comment! Thanks for reading.

No comments: