
Here’s A Fix For iOS 9’s Security Flaw That Lets Anyone See Your Contacts, Photos Without A PIN

Ali Salman
Posted 1 year ago

iOS 9 boasts a lot of new and improved features that we all love. The adoption rate has passed 50 percent, which is quite a mark for an operating system that launched a mere week ago. Apple’s new iPhone 6s and 6s Plus are also set to be delivered on Friday this week. With such anticipation and a handful of cool features, everything sounds perfect. Not quite: a newly discovered security flaw in iOS 9 lets anyone browse a user’s contacts and photos without a PIN.


Since a lot of devices are running Apple’s latest iOS 9 firmware, there is a good chance that many users will fall victim to this security flaw. The way it works is simple: it hijacks Siri from the lock screen. There are a few other actions that an unauthorized person must perform, but none of them is difficult either.

So let’s see how this security flaw in iOS 9 can grant access to a person’s contacts and photos.

Here’s How The iOS 9 Security Flaw Works

We are going to tell you how this security flaw / hack works. In order to bypass the PIN code on the lock screen, one must input the wrong passcode four times. The fifth try is where it gets tricky. Input three PIN code digits out of four, or five out of six (if you have enabled the 6-digit passcode option), and then press and hold the Home button to activate Siri as you enter the last digit of the code. Once you do this, Siri will be activated while, at the same time, the device running iOS 9 is disabled in the background.


Moving on, ask Siri about the time and, when it is displayed, tap on the clock face that shows up. Once you tap it, you will be redirected to the stock Clock app. The person trying to break in will then press the little ‘+’ sign and type any random letter in the bar. Double-tapping the typed text reveals several options such as share, copy and others. Tap ‘share’, which will pop out the share sheet from the bottom of the display. The share sheet always displays iMessage as a default app, so you can just tap on it.



Tapping on iMessage will open the Messages app. At the ‘To’ bar, you can search for any name by just typing the initials or the complete name. All of the contact information of a person will be displayed right in the Messages app. This is how your contacts’ information can be leaked.

To search for photos, the stranger will type some random letters in the ‘To’ section of the Messages app and press Return. Doing this highlights the typed letters, which can be tapped to go to the contacts section. In this section, you will be asked if you want to save the contact or add it to an existing contact. When you tap to create a new contact, it takes you to the next screen, where you can just tap on the ‘add photo’ icon to add a new photo from your Camera Roll. Doing this reveals the entire Camera Roll, including albums, to whoever is holding the device.


Fix For The iOS 9 Lock Screen Bypass

This is one of the biggest security loopholes in iOS 9 and can be recreated quite easily. To prevent this from happening, users can simply turn off Siri access on the lock screen. Navigate to Settings > Touch ID & Passcode, scroll down to the ‘Allow access when locked’ section and toggle the Siri option off. That’s it. Moreover, iOS 9.0.1 has been released, and users can simply stay updated to avoid such kinds of loopholes and security flaws.
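For devices managed through configuration profiles, the same mitigation can be checked without touching each phone. The script below is an added example, not part of the original article: it reads an unsigned `.mobileconfig` and reports whether Siri is still reachable from the lock screen. It assumes Apple's Restrictions payload (`com.apple.applicationaccess`) and its `allowAssistantWhileLocked` key; the sample profiles, identifiers and UUIDs are constructed placeholders.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Restrictions payload
SIRI_LOCKED_KEY = "allowAssistantWhileLocked"      # absent key means allowed


def siri_allowed_when_locked(profile_bytes):
    """Return True if the profile leaves Siri reachable from the lock screen."""
    profile = plistlib.loads(profile_bytes)
    allowed = True
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        # Only an explicit false turns lock-screen Siri off
        if payload.get(SIRI_LOCKED_KEY, True) is False:
            allowed = False
    return allowed


def make_profile(restrictions):
    """Build a constructed, unsigned profile (placeholder identifiers)."""
    payload = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadIdentifier": "com.example.restrictions",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
    }
    payload.update(restrictions)
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.lockscreen",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    })


DEFAULT_PROFILE = make_profile({})                         # constructed sample
HARDENED_PROFILE = make_profile({SIRI_LOCKED_KEY: False})  # constructed sample

if __name__ == "__main__":
    samples = [("default", DEFAULT_PROFILE), ("hardened", HARDENED_PROFILE)]
    for name, blob in samples:
        state = "ALLOWED" if siri_allowed_when_locked(blob) else "blocked"
        print(f"{name}: Siri on lock screen {state}")
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can parse it.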

This is it for now folks. If you have been a victim of iOS 9’s security flaw, share your thoughts in the comments section below.

