Apple might be working on making iOS more secure than ever, but that doesn’t mean there aren’t bugs in the operating system that hackers can exploit to access data on the company’s devices.

One such newly discovered issue affects only the iPhone 6s and 6s Plus on iOS 9.3.1, as it takes advantage of the 3D Touch functionality on the phone to bypass the lock screen and access contacts and photos. However, now it looks like Apple has fixed the issue on the server end.

Invoking Siri on the lock screen is what triggers the bug. Ask the virtual assistant to search Twitter, and tell it to search for an email address from Gmail or Yahoo. Once it finds one, tap on a result with a valid email address and 3D Touch the email address, so a contextual menu pops up.

That is where you can do an exploit as you will need to create a new contact or add the contact to an existing one. In effect, you are granted access to both photos and contacts on a device without being aware of its passcode.

Image credit: Tech Radar
Image credit: Tech Radar

Ipaderos had, however, come up with a rather simple way of getting rid of the issue yourself. Though, this will cripple the experience that you would otherwise get with 9.3 or iOS 9.3.1 experience. You’ll have to go to the Settings app, go to Touch ID & Passcode, and disable Siri on the lock screen.

Alternatively, you could just remove Photos access from Siri, so that people can’t view any pictures if they take advantage of the flaw. Go to Settings, then Privacy and then Photos to prevent Siri from accessing pictures.

A video was released that shows the bug in action. You can watch it below.

What are your thoughts on the most recent iOS 9.3.1 bug? Let us know in the comments below.

SHARE

LEAVE A REPLY