Huge loophole in iOS 9 bypasses lock screen to grant access to contacts and photos
Huge loophole in iOS 9 bypasses lock screen to grant access to contacts and photos
You’ll never guess the accomplice that enables
unauthorized user access on iOS 9 devices. She lives within the system
itself.
A potentially massive loophole has been uncovered in the iOS 9 device lock screen, enabling access a user’s contacts and photos without ever having to enter the correct PIN.
In a YouTube video posted by an individual called Jose
Rodriguez, he goes through the motions of demonstrating how this can be
done by recruiting none other than Apple’s own built-in voice assistant
Siri.
Here’s how it appears to work: after entering an incorrect PIN several times, he launches Siri
from the lock screen, then simply asks what time it is. When the
results show up, there’s a search field at the top of the screen from
which he proceeds to further search for information from areas of the
iPhone such as the Contacts, Messages and Photos. All of this without
ever leaving the lock screen.
It is clear this is a significant loophole that is likely to be addressed by Apple
shortly, but in the meanwhile it appears that several areas of the
device containing personal information in iOS 9 are open to access.
This flaw only adds to the prevalent issues
that have cropped up since iOS 9 was launched recently. In the interim,
one recommended method to prevent unauthorised access using this method
is to simply disable Siri access on the lock screen.
No comments