iOS 7.1 Security Flaw Exposes Your Contacts Through Siri

A new security flaw has been reported in iOS 7.1 which could see anyone access your contact lists without having to unlock your iPhone.

An Egyptian neurosurgeon and part-time security researcher, Sherif Hashim, claims to have discovered a new flaw in iOS 7.1's Siri Voice Assistant which allows anyone to bypass the iPhone lock screen and access a full list of your the contacts.

Apple has yet to comment on the latest security risk to iPhone users, and has yet to reply to a request for comment from IBTimes UK.

According to Hashim, by asking Siri to search your contacts while the phone is still locked, and then typing in "Call a" you will return a list of all contacts.

The process is detailed in the video below but on an iPhone 5c, running iOS 7.1.1, we were unable to successfully access the full list of contacts in the same way as Hashim, despite the researchers claiming the phone is running the same version of Apple's software.

Therefore this would suggest that the issue is isolated to the iPhone 5s.

In the video, Hashim first attempts to unlock the phone via its TouchID fingerprint scanner. After failing to get through, he then activate Siri and tries to access the phone's contact list by simply saying 'Contacts'.

In response, the voice assistant says that he needs to unlock the smartphone before he can proceed.

Hashim simply hits the cancel button and instructs Siri to initiate a call to a contact.

You can prevent this happening completely by disabling Siri in the lockscreen in the Passcode section of the Settings menu.

While this flaw would not make it possible for hackers to remotely access your iPhone, it would make an iPhone vulnerable to attackers who have physical access to it.

Earlier this week reports revealed that a bug in version of Apple's iOS 7 and higher left email attachments on iPhones and iPads unencrypted. Apple has confirmed that it is aware of this issue, but did say when it would release a patch to fix it.

Last month, Apple was forced to address a critical security flaw with iOS 7.1 which allowed attackers make a "triple handshake attack" - targeting the authentication system which applications uses to make secure connections. Apple addressed this flaw in the iOS 7.1.1 update.