iOS 9 security flaw grants unrestricted access to Photos and Contacts
A video making the rounds this week claims to disclose an iOS 9 security flaw that bypasses a passcode protected lock screen to grant unhindered access to a device's stored photos and contacts.
As described in Rodriguez's proof-of-concept video the procedure takes advantage of an apparent bug related to Siri lock screen access and iOS 9's five-attempt lockout policy. Under a specific set of circumstances invoking Siri from an iPhone or iPad's lock screen grants limited system access.
Rodriguez confirmed to AppleInsider that he does not own the iPhone used in the demonstration, nor were his fingerprints registered with Touch ID. AppleInsider independently confirmed the bypass' validity in a series of tests. It should be noted that only devices protected by simple four- or six-digit passcodes are vulnerable to attack, while those with long alphanumeric passwords remain unaffected.
In lieu of an permanent solution from Apple, concerned users can disable Siri lock screen access by navigating to Settings > Touch ID & Passcode, entering their current passcode and deactivating Siri under the "Allow access when locked" heading. Alternatively, the bypass can be thwarted by creating a custom alphanumeric passcode.