IPhone 6S Security Bug Bypasses Lock Screen Using Siri

A new vulnerability in iOS allows anyone to access photos and contacts on a locked iPhone without the need to enter a passcode – potentially putting millions of devices at risk.

The flaw appears to affect all versions of iOS 9, including iOS 9.3.1, which was launched last week, and can also be exploited using the TouchID fingerprint reader, including in all models from the iPhone 5S onwards

Risky

According to a YouTube video uploaded by security researcher Jose Rodriguez (see below), the bug can be accessed through Apple’s voice-recognition service Siri, opened by holding down the home button or using the “Hey, Siri” function, and then initiating a Twitter search.

If this search contains contact details such as an email address containing the “@” symbol, the device will then offer a 3D Touch gesture on this information to bring up a Quick Actions menu.

This menu includes an “Add to Existing Contact” option, which when selected opens up the Contacts list on the device. As Apple’s contacts also allow the addition of a photo to a contact’s profile, users can then also access the device’s full photo library to do so.

The flaw will only affect devices where the user has given Siri permission to access their Twitter account information, as well as to their Contacts or Photos, all of which require the owner to authenticate using a passcode or Touch ID.

There does not appear to be any official fix for the bug just yet, but users worried about the security of their device can disable Siri’s access to their photos, or fully disable Siri on the lock screen.

Apple had not responded to TechWeekEurope’s requests for comment at the time of publication.

Take our Internet security quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago