There's A Huge Password Security Flaw In iOS 7 That Lets Siri Control Your iPhone

If you have an iPhone 5 or older and have updated your operating system to Apple's new iOS 7 version, you should be aware that the password (or "passcode") required on your phone's lock screen no longer prevents strangers from accessing your phone.

They can use Siri, the voice-command software, to bypass the password screen and access your phone, instead.

Simply hold down the home button, even while the phone is locked, and wait for Siri to ask you what you want. From there, we accessed Facebook, Twitter, text messages, email and phone calls, all on our iPhone 5. We even got access to our contacts app.

We first saw this flaw described on #ACBCases.

Access is limited. You can't see anything on the phone beyond the lock screen and the Siri interface, so you can't play Candy Crush Saga, for instance. But you can do a lot of important, basic phone stuff on someone else's phone - email, calls, text and social media are probably the majority of time-spent in mobile phone use.

We don't know why this flaw exists, although we've asked Apple for comment and we'll update the post when we hear back.

Here's one theory: On iPhone 5S, the new iPhone, access to the phone is through a fingerprint security device called Touch ID, which utilizes the home button as the fingerprint detector. Only the person who owns the phone can open it. If you're Running iOS 7 on an iPhone 5S it would be impossible to unlock the phone by pressing the home button.

The problem is that on earlier devices pressing the home button brings up Siri, not a fingerprint detector.