We’re not sure how long this bug has been around, but it turns out that users can ask Siri to read out the contents of hidden notifications right from the lock screen — no authentication needed.
The issue was first tipped to and publicized by MacMagazine in Brazil and was spotted in both the stable iOS 11.2.6 release and the current iOS 11.3 beta as well. For some reason, contents of hidden iMessages (or just Messages) notifications aren’t read out while the iPhone’s locked. That’s a relief in one aspect, but it’s something that can’t excuse the other apps’ private contents from being spilled out.
MacRumors has contacted Apple and has also gotten word back that the company is aware and is working towards a fix for a future software update. In the meantime, users who wish to proof themselves from this exploit can either go into the notification settings and toggle off the “Show on Lock Screen” feature for the apps they’re concerned about. Users can also go into the settings for Siri and disable functionality when the device is locked.