Security News iOS Flaw Allows Anyone to Bypass iPhone Passcode and Access Photos and Messages

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
A new security flaw discovered in iOS allows pretty much anyone with access to your phone to bypass the passcode protection (it doesn’t even matter if you configured Touch ID or not) and look at your photos or read the existing messages.

Discovered by EverythingApplePro and iDeviceHelps, this glitch uses Siri to break into the device, and all it takes is a few simple steps. What’s more important to know is that the same flaw exists on iOS 8 and newer, including 10.2 beta 3, but Apple is very likely to patch it in the next beta now that it has gone public.

How to reproduce the bug
First and foremost, what you need to do is to find out the phone number of victim’s iPhone, and in case you don’t know it just yet, simply ask Siri “Who am I?” As mentioned, this involves having access to the iPhone you want to break into.

The next step comes down to calling the victim’s phone using the phone number previously obtained from Siri – you can also start a FaceTime call, that will do it too. Click Message and then Custom Message to proceed to the New Message screen when you are allowed to type a reply.

Next, activate Siri using the Home button and say “Turn on Voice Over.” You’ll hear a confirmation message saying “OK, I turned on VoiceOver” and then go back to the message screen.

The next step might not succeed from the first attempt, so you may have to try several times: double tap the bar where you input the caller’s name and then hold, while immediately click on the keyboard. Repeat as many times as needed until you see a slide-in effect on the screen above the keyboard. You can then ask Siri to “Turn off VoiceOver.”

Next, simply type in the first letter of a contact’s name in the top bar, tap the circular “i” icon next to the name, and then create a new contact. Select add photo, choose photo,and you’re in. You should be able to see the gallery just like you’d browse the phone, even though the iPhone is still in the locked state.

Reading messages is possible by simply selecting any contact, and you should be able to see all previous conversations with that contact.

How to protect against the bug
Until Apple fixes this bug, the easiest way to stay safe is to disable Siri on the lock screen. To do this, launch Settings and go to Siri > Access on Lock Screen and toggle the switch to disable.

Apple is most likely aware of the bug already, so expect a fix to be provided in the coming days. The full version of iOS 10.2 will most certainly include a patch against this flaw.

 

Dirk41

Level 17
Verified
Top Poster
Mar 17, 2016
797
Since first YT videos appear months or maybe years ago claiming to unlock iPhone , I disabled everything possible on my lock screen.

It was foreseeable that some could have gone wrong when you can use something from lock screen
 
Last edited:

Shadowave

Level 10
Verified
Aug 10, 2012
474
A new security flaw discovered in iOS allows pretty much anyone with access to your phone to bypass the passcode protection (it doesn’t even matter if you configured Touch ID or not) and look at your photos or read the existing messages.

Discovered by EverythingApplePro and iDeviceHelps, this glitch uses Siri to break into the device, and all it takes is a few simple steps. What’s more important to know is that the same flaw exists on iOS 8 and newer, including 10.2 beta 3, but Apple is very likely to patch it in the next beta now that it has gone public.




This bug is almost the same for Iphone 5 and 6 ( not S ver), where you could unlock the phone and used without any restriction. ( Tested on my old iphone 6
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
A nasty bypass for IOS, for sure security holes which are not been exposed for very long time, may reveal in fast spanning time.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top