A critical security flaw in Apple's newest iPhones running the latest
version of the iOS operating system allows anyone to bypass the phone's
lockscreen and gain access to personal information.
The iPhone lockscreen bypass bug only works on the iPhone 6S and
iPhone 6S Plus, because the bypass relies on the 3D Touch
functionality of these devices to get past the lockscreen passcode and
access photos and contacts.
The lockscreen bypass bug is present in iOS 9.2 and later, including the latest iOS 9.3.1 update, released last week.
Anyone with physical access to an affected iPhone can gain access to the
victim's photos, emails, text and picture messages, contacts, and phone
settings, according to the Full Disclosure mailing list.
Here's How to Bypass the iPhone's Lockscreen
Step 1: If you own an iPhone 6S or 6S Plus, first lock your device.
Step 2: Invoke Siri and speak 'Search Twitter.'
Step 3: When Siri asks what you want to search for, reply:
'at-sign Gmail dot com' or any other popular email domain, as the aim is
to find a tweet containing a valid email address.
Step 4: Once you get the results, tap on a tweet with a valid email address.
Step 5: Now 3D Touch that email address in order to bring up the contextual menu.
Step 6: Tap 'Create New Contact.'
Step 7: Now add an image in order to view all the images on the device.
You may have to give Siri access to the Photo Library. You can even see
contacts on the iPhone by using the 'Add to Existing Contact' option
instead.
Video Demonstration:
You can also watch the video demonstrating the security issue.
However, working around the bug yourself while you wait for Apple to
roll out a permanent fix is as simple as accessing a user's personal
data on a locked iPhone.
Here's How to Fix the iPhone Lockscreen Bug
The vulnerability can be temporarily fixed by just disabling Siri on
the lockscreen, though it will cripple your iOS 9.3 or iOS 9.3.1
experience.
- Go to Settings → Touch ID & Passcode and disable Siri on the lockscreen.
Alternatively, you can just remove Photos access from Siri, so that
anyone taking advantage of the flaw cannot view any of your personal
pictures.
- Go to Settings → Privacy → Photos and then prevent Siri from accessing pictures.
Of course, Siri could still ask your permission to view photos on the
iPhone when somebody tries to abuse the security issue.