Siri needs to brush up on her security. Using voice commands, one hacker claims it's possible to bypass the lock screen of an iOS device running version 7.1.1, access that phone's contacts list, and call a contact from the bypassed phone.
The reputed hack has its limitations. The hacker needs physical access to the phone, which needs to be running iOS 7.1.1 and have Siri enabled on the lock screen. Further, the hack only gives the hacker access to the phone's contact list. Still, it's easy to imagine how this bypass could be used to cause some Siri-ous trouble.
Egyptian neurosurgeon and part-time hacker Sherif Hashim discovered the trick, which he demonstrated in a YouTube video posted May 4. In the video, Hashim first tries and fails to unlock an iPhone using its TouchID fingerprint scanner, showing that the phone is locked. He then activates Siri and tries to access the phone's contact list by saying "Contacts."
"You'll need to unlock your iPhone first," Siri says. But then Hashim taps "cancel," activates Siri again, and says "Call." Siri then asks, "With whom would you like to speak?" which allows Hashim to search the phone's contact list. From there he can scan the phone's entire contact list and call anyone on it.
This hack doesn't give the hacker access to any of the phone's other features.
When we tried the same hack, we were unable to access our iPhone 5s' full contact list. However, we could call contacts by guessing certain names, such as Michael.
Ultimately, it's up to users to decide whether they want Siri to be accessible via the lock screen. To change this, toggle the Siri button under "Allow Access When Locked" in the Touch ID & Passcode settings screen in iOS 7.