Only way to protect against flaw that make four and six digit passcodes useless is to disable Siri on lockscreen
Apple has still not patched an alleged flaw in iOS 9 that allows anyone to bypass the lock screen’s security features to access contact details and photos
Jose Rodriguez, who has exposed lock screen vulnerabilities in previous versions of iOS, was able to gain access to certain data by summoning Siri at the same time he entered the final digit of an incorrect PIN code.
iOS 9 security
In a step-by-step video detailing the bug, Rodriguez asked Siri for the time and was able to access the Clock app. From here he searched for a location in the world clock tab, highlighted text in the search bar and shared it through the messages app.
Here, it is possible to access contact details and create a new contact. This gives you the option of adding a contact photo – a process which provides access to images stored on the device. Even if a user taps the home button, they can return to the previous screen simply by summoning the quick access tool bar and selecting the clock app once again.
On his Twitter account, Rodriguez notes the claimed vulnerability still works in iOS 9.0.1, released earlier this week, and says the only way to protect yourself is by disabling Siri from the lock screen.
TechWeekEurope has asked Apple to confirm the existence of the flaw and whether it is working on a fix and will update this article if we receive a response.
Ironically, upgrading to iOS 9 is the only known way to protect against another vulnerability in iOS which allows an attacker to hijack a device using the Bluetooth-powered AirDrop feature.
How well do you know Apple? Take our quiz!