A brand new security bug has been discovered in iOS 11 which allows anyone to access hidden lock screen messages. The culprit behind the mess is Siri, the star of many software loopholes in the past.
A Brazilian site named Mac Magazine discovered the flaw in all versions of iOS 11, including the most recent iOS 11.3 beta. While most people allow notifications to be displayed on the screen by default, there are some who’d prefer to keep their messages private.
For those few, iOS 11 has a way to shield lock screen notifications from view. They simply have to head into Settings > Notifications > Show Previews and select “When Unlocked.” This will make sure messages can only be seen after the iPhone has been unlocked via Touch ID or Face ID.
That’s actually what’s supposed to happen, but it turns out anyone can just trigger Siri through the home button while in the lock screen and ask it to read notifications out loud. The voice assistant will do this for all third-party apps like WhatsApp, Skype and Telegram.
It seems the only application immune to the bug is Apple’s Messages app. If a user tries to ask Siri to read an iMessage, it’ll ask them to unlock the iPhone first. It seems strange that the company had the presence of mind to apply this layer of protection for its own application, but didn’t think of doing the same for others.
In any case, Mac Magazine told Apple about the issue and the firm is now working to fix it. If you want to be extra cautious till a software update comes out, you can disable lock screen notifications or ban Siri from the lock screen completely.