Messages sent to your iPhone may not be as private as you think.
Apple has confirmed media reports that your iPhone may not be keeping your messages as private as you think.
With iOS 11, Apple introduced a privacy feature that allows you to hide message content on your lock screen. The idea if that you may want to know that you have received a message or any other type of notification, but not see what the message says.
It certainly seems like a reasonable way to prevent nosy-parkers from seeing what your friends or family might have privately said to you.
However, a bug initially discovered by Brazilian website Mac Magazine reveals that anybody can access hidden messages from third-party apps that appear as notifications on locked iPhones – just by asking Siri to read them out loud.
Although the privacy hole does not appear to impact communications sent via Apple’s own Messages app, other third-party tools such as Gmail, Signal, Skype, Telegram, Facebook Messenger, and WhatsApp are affected.
In tests, MacRumors reports that it managed to reproduce the privacy flaw on an iPhone X running iOS 11.2.6 and the latest iOS 11.3 beta.
Apple has said it is “aware of the issue” and has promised to fix the issue “in an upcoming software update.”
If that sounds a familiar refrain, then you’re right. Over the years there have been a surprising number of security issues found where Siri has played a key role in allowing unauthorised users to access iPhone owners’ data. Let’s hope that, when it finally arrives, Apple’s fix will resolve the issue once and for all.
In the meantime, what can you do about this?
Well, here are a few suggestions:
- Review your apps, and disable lock screen notifications for any which you judge to be sensitive. You can do this by entering Settings >Notifications, finding the app in question and then disabling the option of “Show on lock screen.”
- Completely disable Siri when your iPhone is locked. You can do this by disabling “Allow Siri when Locked” under Settings > Siri & Search.
- Fully disable Siri.
Of course, you might find it a nuisance to not have Siri available when your iPhone is safely locked. But never forget that it’s even more of a problem to discover that someone else has been reading your hidden messages.
written by Graham Cluley, ESET We Live Security