Belfast Telegraph

UK Website Of The Year

iPhone iOS 9 hack lets anyone see all photos and contacts even if device is locked

Published 24/09/2015

iOS 9 hack: Speaking to Siri to help open the Clock app allows people unfettered access to the Photos and Contacts app
iOS 9 hack: Speaking to Siri to help open the Clock app allows people unfettered access to the Photos and Contacts app

A bug in iOS 9 lets anyone see all of a person’s pictures or contact information, even if they have locked their phone.

A very quick workaround, which uses Siri, lets people into the phone even if the passcode and Touch ID fingerprint sensor is turned on.

To exploit the bug, would-be hackers repeatedly mash the numbers on the passcode screen until the iPhone threatens to lock the user out. Speaking to Siri to help open the Clock app, and then clicking through, allows people unfettered access to the Photos and Contacts app, potentially making available personal data.

The exploit has been shown in a proof-of-concept video by Jose Rodriguez, who has a track record of finding similar bugs in iOS. Rodriguez confirmed that the phone was not his to Apple Insider.

The bug can be easily prevented by heading to Settings and choosing Touch ID & Passcode. Turning off Siri when the phone is locked stops the hack from working.

Read more

Apple iPhone 5s unlocked by nipple  

Another way of keeping the phone safe is by using a longer, alphanumeric password, rather than the four or six digit passcodes that are set up by default.

The problem does not seem to have been fixed in iOS 9.0.1, the recently rolled out update to the system.

Similar bugs have been found in various first updates to iOS — versions 7, 6 and 4 were all initially vulnerable to similar hacks. Since the iPhone’s lock screen is the main defence against people getting unwanted access to the phone, it has become a particular target for hackers.

Independent

Independent News Service

Your Comments

COMMENT RULES: Comments that are judged to be defamatory, abusive or in bad taste are not acceptable and contributors who consistently fall below certain criteria will be permanently blacklisted. The moderator will not enter into debate with individual contributors and the moderator’s decision is final. It is Belfast Telegraph policy to close comments on court cases, tribunals and active legal investigations. We may also close comments on articles which are being targeted for abuse. Problems with commenting? customercare@belfasttelegraph.co.uk

Read More