Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

iOS 9 security flaw grants unrestricted access to Photos and Contacts

Last updated

A video making the rounds this week claims to disclose an iOS 9 security flaw that bypasses a passcode protected lock screen to grant unhindered access to a device's stored photos and contacts.

The somewhat involved process was discovered by Jose Rodriguez, who also uncovered an obscure iOS 6.1.3 lock screen bypass two years ago.

As described in Rodriguez's proof-of-concept video the procedure takes advantage of an apparent bug related to Siri lock screen access and iOS 9's five-attempt lockout policy. Under a specific set of circumstances invoking Siri from an iPhone or iPad's lock screen grants limited system access.

Rodriguez confirmed to AppleInsider that he does not own the iPhone used in the demonstration, nor were his fingerprints registered with Touch ID. AppleInsider independently confirmed the bypass' validity in a series of tests. It should be noted that only devices protected by simple four- or six-digit passcodes are vulnerable to attack, while those with long alphanumeric passwords remain unaffected.

Apple has yet to address the bypass, though tests showed today's iOS 9.0.1 update and iOS 9.1 beta versions do not contain a fix.

In lieu of an permanent solution from Apple, concerned users can disable Siri lock screen access by navigating to Settings > Touch ID & Passcode, entering their current passcode and deactivating Siri under the "Allow access when locked" heading. Alternatively, the bypass can be thwarted by creating a custom alphanumeric passcode.

Unfortunately, iOS is no stranger to lock screen bypass bugs, as evidenced by iOS 7, iOS 6 and iOS 4.



59 Comments

jfc1138 12 Years · 3090 comments

Plan "A"?* Don't lose your phone. * Not a "fix", merely a solution. ????

jungmark 13 Years · 6927 comments

I don't have Siri enabled on the lock screen. Still, it's a bug that needs fixing.

suddenly newton 14 Years · 13819 comments

iOS 9 will be secure and stable just in time for iOS 10's release. Rinse, Repeat.

chez whitey 11 Years · 148 comments

I'd erase my iPhone within minutes of being stolen

bluefire1 10 Years · 1311 comments

So use a seven digit passcode until a fix is ready.