A video surfaced online yesterday purporting to show a vulnerability in
iOS 9.3.1 that
Allows anyone to
Access Photos and
Contacts on a locked
iPhone without having to enter a passcode.
The YouTube video, uploaded by Jose Rodriguez and first spotted by
The Daily Dot, depicts a user performing a
Siri search followed by a ****** of relatively simple steps, one of which involves
3D Touch, limiting the exploit to
iPhone 6s and 6s Plus devices.
The procedure starts by invoking Siri on the locked phone by holding the home button or using the "Hey, Siri" function, and then asking the personal assistant to initiate a Twitter search. When the returned results include contact details such as an email address, a 3D Touch gesture is used on the contact information to bring up a Quick Actions menu. Tapping "Add to Existing Contact" then brings up the iPhone's
Contacts list. By selecting a contact and opting to add a photo to the entry, the phone's photo library can then be freely accessed.
The
Flaw is only applicable if the
iPhone owner has previously granted Siri permission to
Access Twitter account information as well as
Contacts or Photos, operations which require establishing ownership of the device with the passcode or
Touch ID. Nevertheless,
MacRumors can confirm that the exploit works as described on said devices with Apple's latest update to iOS 9 installed.
Users worried about the vulnerability can protect themselves by ensuring Siri's
Access to Twitter and
Photos is disabled. On your device, go to Settings > Privacy > Twitter and if Siri is listed, turn off its access. Likewise, in Privacy > Photos, turn any listing of Siri
Access to the Off position. Revoking Siri's
Access to your
Contacts requires the more drastic action of disabling Siri lock screen activation. To do so, go to Settings > Touch ID & Passcode and turn off the Siri switch.
Apple
released iOS
9.3.1 to the public last week, marking the first update to iOS 9 since iOS 9.3 launched on March 21.
Related Roundup:
iPhone 6s
Tags:
exploit,
iOS 9.3.1
Buyer's Guide:
iPhone (Caution)
Discuss this article in our forums
أكثر...