“Hey Siri” Exploit: How to Protect Yourself
Following the lead of Motorola, Apple introduced an always-on-mic function to Siri so that you may call your virtual assistant at any time without having to push the Home Button. When plugged in, the iPhone responds to “Hey Siri” and enables you to place a query. Unfortunately, this also introduced a security flaw that allowed malicious attackers to unlock your phone without having to input the passcode or go through Touch ID. Here’s a tutorial on how to minimize risk with regards to the “Hey Siri” exploit and protect yourself.
How does the “Hey Siri” hack work?
An attacker would walk up to your iPhone and say “Hey Siri”, then quickly press the Home Button once and swipe right on the screen to unlock the iPhone. In some cases, this would circumvent the security measures of the iPhone and allow full access to the phone. Security experts also call this an “iPhone passcode bypass” or “iPhone unlock bypass” attack. Fortunately, Apple was quick to fix this issue and the vulnerability was addressed in a later update. So far it seems that only devices on iOS 8.0.2 are vulnerable to this attack. See this video for a demonstration of the concept.
If you are worried that at some point in time the “Hey Siri” feature might compromise your iPhone, we recommend to turn the feature off. While nice to have, it is certainly not essential and you can get rid of it if you only use it seldom or not at all.
How to disable “Hey Siri”
Open up your “Settings” app and go to “General”, then look for the section labeled “Siri” and enter it. Now simply switch off the toggle next to “Hey Siri” and you are good to go.
How to check if “Hey Siri” is really turned off: Try connecting your iPhone to a power source and saying the hotword to check if the program is still listening. Should nothing happen when saying “Hey Siri”, the feature is definitely turned off. It’s better to be safe than sorry. Additionally,you are increasing your privacy by disabling the microphone this way.