Thursday, September 24, 2015

iOS9 bug allows acess to photos and contacts in locked iPhones

Seems that bugs that allows us to bypass lockscreen protections are becoming the norm, and not even the new iOS9 escapes the trend, with a bug that allows anyone to access your contacts and see all your photos on a locked iPhone or iPad, even if it has TouchID enabled.

This isn't the first time iOS (and Android for that matter) have bugs that allow anyone to bypass the lockscreen protection. This time, it's one that allows you to access photos and contacts on a locked iPhone, even in PIN or Touch ID protected ones.

The process is somewhat convoluted, but all you have to do is:
  1. Wake the iOS device and Enter an incorrect passcode four times.
  2. For the fifth time, Enter 3 or 5 digits (depending on how long your passcode is), and for the last one, press and hold the Home button to invoke Siri immediately followed by the 4th digit.
  3. After Siri appears, ask her for the time.
  4. Tap the Clock icon to open the Clock app, and add a new Clock, then write anything in the Choose a City field.
  5. Now double tap on the word you wrote to invoke the copy & paste menu, Select All and then click on "Share".
  6. Tap the 'Message' icon in the Share Sheet, and again type something random, hit Return and double tap on the contact name on the top.
  7. Select "Create New Contact," and Tap on "Add Photo" and then on "Choose Photo".
  8. You'll now be able to see the entire photo library on the iOS device, which is still locked with a passcode. Now browse and view any photo from the Photo album individually.

The entire process makes us think "who has the time and patience to find out these sequences?" But I guess that, for some people, it will be similar to mastering some crazy hard platform arcade game where you have to have crazy fast reflexes to push the right buttons at the right time.

Just yesterday Apple release iOS 9.0.1 with some bug fixes; it seems it won't take long for us to see a iOS 9.0.2 popping up. Till then, if you're worried about this, you can protect against it by disabling access to Siri from the lock screen (in Settings > Touch ID & Passcode).

No comments:

Post a Comment

Related Posts with Thumbnails

Amazon Store