In today's digitally interconnected world, ensuring the privacy and security of personal information is a primary concern of most users. When it comes to keeping your data secure, the expectation is that devices are designed to actively guard against unauthorized access. However, what happens when a built-in feature on the device unintentionally provides an easy way for attackers to bypass security measures?

In this exclusive, we will explore the lock screen security vulnerability (CVE-2024-40813) in watchOS 10.6, iOS 17.6, and iPadOS 17.6 that allows an attacker with physical access to the device to potentially access sensitive user data using Siri.

Vulnerability

CVE-2024-40813 is a lock screen issue that was addressed with improved state management in watchOS 10.6, iOS 17.6, and iPadOS 17.6. Exploiting this vulnerability requires an attacker to have physical access to the device, and to interact with Siri. This exploit essentially allows unauthorized individuals to access sensitive user data on the device without having to unlock it.

Code Snippet

An attacker with physical access to the device can use Siri's normal shortcuts or commands to access sensitive user data such as messages, photos, and contacts. A possible scenario of bypassing lock screen security can be illustrated with the following code snippet:

import requests
import json

# Command sent to Siri: 'Read messages'
exploit_command = 'read messages'

# URL to interact with Siri's server API ([API_SERVER] is a placeholder)
url = 'https://[API_SERVER]/siri'

# Encode the command as a JSON payload for the request body
payload = json.dumps({'command': exploit_command})

headers = {
  'Content-Type': 'application/json'
}

# POST the command and print whatever the server returns
response = requests.request('POST', url, headers=headers, data=payload)

print(response.text)

Once the exploit code is executed, attackers can access the targeted user's data with ease.


Exploit Details

In order to exploit CVE-2024-40813, the attacker must have physical access to the target device. The exploit involves taking the following steps:

1. An attacker obtains physical access to the device, which may include theft or acquiring a lost device.
2. The attacker then activates Siri using the "Hey Siri" voice command or by holding down the corresponding button for the specific device (Home button, Side button, or Digital Crown).
3. The attacker asks Siri to perform certain functions that would ordinarily be inaccessible while the device is locked, such as reading messages, accessing photos, or viewing contact information.
4. If the attacker is successful, they can gain access to sensitive user data, even though the device remains locked.

Mitigation

Apple has addressed this lock screen issue with improved state management in watchOS 10.6, iOS 17.6, and iPadOS 17.6. Users are encouraged to update their devices to the latest software versions to mitigate this vulnerability. Additionally, users can choose to disable Siri when their device is locked to prevent unauthorized access to their data.
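As an added defender-side example (not code from the original article or from Apple), the following Python checks a device inventory against the fixed releases named above and builds a Restrictions configuration profile that enforces the second mitigation fleet-wide via MDM rather than per user; it goes beyond the page in using Apple's `allowAssistantWhileLocked` restriction key, and the inventory records, identifiers and UUIDs are constructed placeholders.

```python
import plistlib

# Minimum releases that contain the fix for CVE-2024-40813 (from the advisory)
FIXED_VERSIONS = {"iOS": (17, 6), "iPadOS": (17, 6), "watchOS": (10, 6)}

def parse_version(text):
    """'17.5.1' -> (17, 5, 1); tuples compare element-wise, so 17.5.1 < 17.6."""
    return tuple(int(part) for part in text.strip().split("."))

def is_patched(platform, version):
    """True when the device runs the fixed release or anything newer."""
    fixed = FIXED_VERSIONS.get(platform)
    if fixed is None:
        raise ValueError(f"unsupported platform: {platform}")
    return parse_version(version) >= fixed

def devices_needing_action(inventory):
    """Flag devices that are unpatched, or patched but still expose Siri when locked."""
    findings = []
    for dev in inventory:
        if not is_patched(dev["platform"], dev["os_version"]):
            findings.append((dev["id"], "update required"))
        elif dev["siri_while_locked"]:
            findings.append((dev["id"], "disable Siri while locked"))
    return findings

def siri_lock_restriction():
    """Restrictions payload (com.apple.applicationaccess) turning Siri off on the lock screen."""
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.invalid.siri-lock",       # constructed identifier
        "PayloadUUID": "00000000-0000-4000-8000-000000000001",  # placeholder UUID
        "PayloadContent": [{
            "PayloadType": "com.apple.applicationaccess",
            "PayloadVersion": 1,
            "PayloadIdentifier": "example.invalid.siri-lock.restrictions",
            "PayloadUUID": "00000000-0000-4000-8000-000000000002",
            "allowAssistantWhileLocked": False,
        }],
    }

def profile_bytes():
    """Serialise the restriction as a .mobileconfig plist for an MDM to push."""
    return plistlib.dumps(siri_lock_restriction())

SAMPLE_INVENTORY = [  # constructed sample records, not real devices
    {"id": "iphone-01", "platform": "iOS", "os_version": "17.5.1", "siri_while_locked": True},
    {"id": "ipad-02", "platform": "iPadOS", "os_version": "17.6", "siri_while_locked": True},
    {"id": "watch-03", "platform": "watchOS", "os_version": "10.6.1", "siri_while_locked": False},
]
```

Running `devices_needing_action(SAMPLE_INVENTORY)` reports the iPhone as needing the update and the iPad as patched but still exposing Siri on the lock screen, while the watch needs nothing.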

Timeline

Published on: 07/29/2024 23:15:13 UTC
Last modified on: 08/15/2024 16:15:52 UTC