25 September 2015

Huge loophole in iOS 9 bypasses lock screen to grant access to contacts and photos

You’ll never guess the accomplice that enables unauthorized user access on iOS 9 devices. She lives within the system itself.






A potentially massive loophole has been uncovered in the iOS 9 device lock screen, enabling access a user’s contacts and photos without ever having to enter the correct PIN.
In a YouTube video posted by an individual called Jose Rodriguez, he goes through the motions of demonstrating how this can be done by recruiting none other than Apple’s own built-in voice assistant Siri.
Here’s how it appears to work: after entering an incorrect PIN several times, he launches Siri from the lock screen, then simply asks what time it is. When the results show up, there’s a search field at the top of the screen from which he proceeds to further search for information from areas of the iPhone such as the Contacts, Messages and Photos. All of this without ever leaving the lock screen.
It is clear this is a significant loophole that is likely to be addressed by Apple shortly, but in the meanwhile it appears that several areas of the device containing personal information in iOS 9 are open to access.
This flaw only adds to the prevalent issues that have cropped up since iOS 9 was launched recently. In the interim, one recommended method to prevent unauthorised access using this method is to simply disable Siri access on the lock screen.

No comments:

Post a Comment

G20 in India: A Closer Look at the High-Stakes Poker Game

India's Moment in the Spotlight: As the host nation, India has a unique opportunity to shape the G20 agenda and showcase its leadership ...