iPhone 6s Lockscreen / Passcode Bypass (iOS 9.3.1)
A new passcode (lockscreen) bypass bug is currently threatening the privacy and data security of iPhone 6s users. The exploit works on iOS 9.3.1 and possibly on older versions of Apple’s mobile operating system. Attackers can use the bug to spy on your photos and contacts without knowing the passcode or having a registered Touch ID fingerprint. It is quite a severe security risk and yet another uncomfortable mistake by Apple in a long line of security failures that work incredibly similarly, but only very few users are actually affected by the bug due to its prerequisites: you need to have Siri enabled on the lockscreen, and the virtual assistant needs to be permitted to access the Twitter app as well as your photos.
How to bypass lockscreen on iPhone 6s
- Lock the device
- Invoke Siri by double-pressing the Home Button
- Tell Siri to “Search Twitter”
- When Siri asks you what she should search for, append a valid email address ending to your query, such as “at hotmail dot com” or “at gmail dot com”
- When Siri presents you with tweets containing a valid email address, tap it, then deep press (using 3D Touch) one of the results to bring up the context menu
- From the context menu, select either Add to Existing Contact or Create New Contact, depending on what you would like to spy on
Creating a new contact allows you to pick a profile photo for this newly created person from, you might have guessed it, the photo library on the device you haven’t yet unlocked!
Acting like you want to add the email address from the tweet to an existing contact enables you to browse through the list of contacts and view their details, again without having to unlock the device using a passcode or Touch ID.
Let’s hope Apple fixes this exploit in the very near future!
Workaround for now: Disable Siri on the Lock Screen
Go to your Settings app, select Privacy and disable Siri on the Lock Screen for the time being, if you believe that you could be affected by the exploit. Apple is probably aware of the issue and will fix it in a forthcoming patch, such as iOS 9.3.2 or another upcoming update.