A security flaw has been discovered in Apple’s mobile software iOS 9 that lets strangers exploit Siri in order to bypass lock screen on the latest Apple’s mobile operating system and gain access to contacts and photos stored in the device within 30 seconds.
Apple iOS is believed to be one of the most secure and advanced mobile operating systems on the market. However, this recently discovered security flaw found within the newly released version of iOS, which is iOS 9, has been demonstrated by numerous users through their YouTube channel.
Unfortunately, despite the flaw being publicly revealed on the Internet and despite it being easily found by anyone with little knowledge about search engines, the security team over at Apple were unable to get this flaw fixed even in the new update that is iOS 9.1.
Those readers who are not aware, the new iOS 9 was recently released by Apple and was available as a free update for iPhone, iPad and iPod touch users from September 16th. The Cupertino-based company has announced that more than 50 percent of devices are already upgraded to the latest mobile operating system. Also, millions of iPhone 6S and iPhone 6S Plus devices will be dispatched soon and will be running the Apple’s latest mobile software.
Apple’s press release clearly stated that:
“iOS 9 makes iOS devices more intelligent and proactive with powerful search and improved Siri features, all while protecting users’ privacy.”
And now thanks to the intelligent personal assistant, Siri, any knowledgeable manipulator/stranger will be able to bypass the lock screen security code of your iPhone, iPad and iPod touch running iOS 9.0 or iOS 9.1, and will be able to access your photos and contacts stored in your device.
How Siri Can Be Exploited To Bypass iOS 9 Lockscreen
Here are the steps anyone can follow to exploit Siri to bypass lock screen on iOS 9:
Step #01 – Begin by making four incorrect passcode attempts.
NOTE: Fifth incorrect attempt will temporarily lock you out for a while.
Step #02 – Now in the fifth attempt, enter any 3 digits. Leave the last digit placeholder empty and jump to the step number 03.
Step #03 – Here comes the tricky part. Invoke Siri by pressing and holding the “Home” button then immediately enter the remaining 4th digit.
Step #04 – The device will be temporarily locked, but in the meantime Siri will be invoked.
Step #05 – Ask Siri, “what time is it?”
Step #06 – Tap on the “Clock” icon to launch the Clock app.
Step #07 – Now add a new clock by tapping on the “+” icon located on the upper-right corner.
Step #08 – In the field labelled “Choose a City,” type any random text and then tap onto the same field again to pop-out a selection menu.
Step #09 – Tap on the “Select All” option to pop-out a copy & paste menu.
Step #10 – Tap on the “Share” option to pop-up a share menu.
Step #11 – Tap on the “Message” icon to open a “New Message” template.
Step #12 – In the “To” field, type any random text and then tap on “return” button.
Step #13 – Select the text entered into the “To” field by tapping on it. Tap again to open the “Info” page.
Step #14 – From here, you can gain access to all the contacts and photos stored in the device.
To access contacts, tap on “Add to Existing Contact”, which will open “All Contacts” menu from where you can search for contacts and tap on any of the name to see more information of that contact including phone number and email address.
To access photos, tap on “Create New Contact”, then tap on “Add Photo” and then tap on “Choose Photo”. Now you can see all the photos and albums stored in the device, and you can even tap on any of the album to browse and view each photo individually.
How Siri Can Be Exploited To Bypass iOS 9 Lockscreen
For those who are unable to understand or follow the steps outlined above can follow the video demonstration embedded below to bypass iOS 9.0 and iOS 9.1 lock screen on iPhone, iPad and iPod touch.
How To Protect Your Device From iOS 9 Lockscreen Vulnerability
Until an official security fix has been issued by Apple, this issue can be temporarily fixed by preventing access to Siri from the lock screen.
Step #01 – Go to “Settings”
Step #02 – Tap on “Touch ID & Passcode”
Step #03 – Scroll down until you find an option with “Allow Access When Locked” heading.
Step #04 – From there, turn the toggle next to Siri to off position to revoke its access from the lock screen.
Now your device is safe from the lock screen vulnerability.
