A couple of weeks back, Apple released iOS 7.1.1 software update containing various bug fixes and security updates, in addition to Touch ID enhancements and other performance improvements including better battery life. However, it seems that Apple missed yet another lock screen bug in the latest iOS update, with this one allowing any one full access to the iPhone’s contacts without unlocking the device (via BGR).
“With this hack, anyone can make calls to any of your contacts even when you have locked your iPhone with a passcode. It doesn’t matter if you have implemented TouchID or just have a simple 4-digit password.”
As you can see in the video embedded at the end, using Siri in the lock screen and a simple call command can expose your entire phone book. Once the contacts are viewed, one can call just about anyone in the list without requiring any authentication to unlock.
So until Apple patches this bug with another iOS update, we recommend our users to disable Siri on lock screen from the Settings menu.