IOS 9 Lock Screen Vulnerability Gives Attackers Access to Your Photos and Contacts

It seems that every time we get a new version of iOS, someone finds a way to bypass the password and figure out the parts of the device . This time, Youtube user videosdebarraquito demonstrates a simple Siri exploit that provides access to photos and contacts.

This time, some nasty user can log into your phone’s Photos app from the Contacts screen. The video above shows that you need to enter your password incorrectly several times and then enter half of the password before calling Siri. Then ask Siri, “What time is it?” tap one of the alarms, then go to the World Clock tab and create a new clock. Enter a letter or two here, then tap to select the entire word. When the pop-up window appears, select Share and then a text message. You now have access to the Contacts app, which also gives you access to your photos if you try to change a contact’s photos.

This isn’t the first time Siri has caused something like this , and it’s probably hard to balance features with security. It’s not the end of the world, of course, but then again, don’t store sensitive photos on your phone . Fortunately, preventing this exploit is fairly easy and you have two options. First, you can simply change your password to alphanumeric , which is more secure anyway. Otherwise, you can simply turn off Siri on the lock screen. Just go to Settings> Touch ID & Password, then turn off Siri under Allow Access When Locked.

More…

Leave a Reply