Although iOS 9.3.1 is considered Apple's most secure operating system to date, it still contains a security vulnerability that allows any user to access contacts and photos on the iPhone 6s and iPhone 6s Plus, bypassing the password on the lock screen.
This vulnerability only works on Apple's latest devices, because it relies on 3D Touch. The steps to bypass the lock are incredibly simple and only take a few minutes. This is a pretty big vulnerability, and almost anyone can take advantage of it.
The video below demonstrates how it works. You start by asking Siri for something on Twitter, then long-press one of the results. iOS 9 lets you add a contact, after which you can see the entire list of contacts.
Moreover, it gives you the ability to assign a photo to a contact, which in turn gives you access to all the photos and images stored on your device.
Although this vulnerability only affects the latest iPhones running the latest version of iOS, a huge number of devices nevertheless fall into this category. This is a serious flaw in the new iOS, and Apple should fix it as soon as possible.
The Cupertino-based company has not yet commented on this flaw, but you can protect yourself with a few simple steps.
- Open the Settings app on iPhone
- Press Twitter
- Disable access to Siri
This restricts Siri's access to Twitter, so you will no longer be able to search for or send tweets using voice commands.