
iOS 9 Lock-Screen Bug Grants Access to Contacts, Photos

Want to prevent it? Just turn off Siri on your lock screen.

September 25, 2015

A clever iPhone user uncovered a new exploit in iOS 9 (and 9.0.1) that allows a person—presumably with a list of handwritten steps—to bypass the device's passcode and get into the Contacts and Photos apps.

So unless you have a bunch of selfies you don't want anyone to see, or you use an alphanumeric instead of a four-digit passcode, you probably don't have much to worry about. You can also cripple the exploit by disabling Siri on your lock screen, though you'll lose convenience in the process.

Otherwise, here's Lifehacker's description of how it's supposed to work—some iPhone owners have reported trouble getting the exploit to work as described. First, you have to enter the wrong PIN four times. On the fifth attempt, type in three numbers, then hold down Home to bring up Siri as you type in the fourth number (keep in mind that a typical iOS device will lock you out for a minute if you screw up a PIN five times in a row).

When Siri appears, you ask her (or him) the time. Tap on the time, and then make your way over to the World Clock tab of the resulting screen. Add a new clock, type in a few letters, select them, click the option to share what you're copying, and then select to share it to a text message. You're now in iOS's Contacts app, which should also grant you access to the Photos application as if you were the real, authenticated user of the device you're holding—if you go to change one of the contacts' photos, that is.

Got it? It's a bit tricky to figure out, but the original finder of the exploit, YouTube user "videosdebarraquito," also posted a full demo video.

On the plus side, it doesn't appear as if you can do anything beyond access a person's contacts or photos—the iPhone technically remains locked throughout the process.

Again, you can disable Siri on your lock screen, but that might not be something that most people are interested in doing. Additionally, all iPhones ship with Siri on the lock screen enabled by default, which means that most, as of right now, are susceptible to the exploit.
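If you manage a fleet of iPhones rather than a single one, the same mitigation can be checked in a configuration profile instead of by hand. The script below is an added example, not something from the original article or from Apple: it reads an unsigned `.mobileconfig` plist and reports whether its Restrictions payload keeps Siri off the lock screen via the `allowAssistantWhileLocked` or `allowAssistant` keys. The sample profiles, identifiers and function names are constructed for illustration.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Apple's Restrictions payload type
SIRI_KEYS = ("allowAssistant", "allowAssistantWhileLocked")


def siri_lock_screen_status(profile_bytes):
    """Return 'blocked', 'allowed' or 'unmanaged' for Siri on the lock screen."""
    profile = plistlib.loads(profile_bytes)
    status = "unmanaged"  # no policy: the device default (Siri on) applies
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS:
            continue
        # Either key set to false keeps Siri off the lock screen, and the
        # most restrictive setting wins when several payloads are present.
        if any(payload.get(key) is False for key in SIRI_KEYS):
            return "blocked"
        if any(key in payload for key in SIRI_KEYS):
            status = "allowed"
    return status


def make_profile(restrictions):
    """Build a constructed sample profile (hypothetical, for this example only)."""
    payload = {
        "PayloadType": RESTRICTIONS,
        "PayloadIdentifier": "example.constructed.restrictions",
        **restrictions,
    }
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Constructed sample",
        "PayloadContent": [payload],
    })


# Constructed samples: hardened, explicitly permissive, and silent on Siri.
HARDENED = make_profile({"allowAssistantWhileLocked": False})
PERMISSIVE = make_profile({"allowAssistantWhileLocked": True})
NO_POLICY = make_profile({"allowCamera": True})

if __name__ == "__main__":
    for name, data in [("hardened", HARDENED), ("permissive", PERMISSIVE),
                       ("no policy", NO_POLICY)]:
        print(f"{name}: Siri on lock screen is {siri_lock_screen_status(data)}")
```

A result of "unmanaged" deserves the same attention as "allowed," since Siri on the lock screen is enabled by default.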

This is not the first iOS lock-screen bug we've seen. It happened with iOS 7 and iOS 6, not to mention Android.

Meanwhile, Apple rolled out its first update for iOS 9, which fixes a slide-to-unlock bug, among other things.


About David Murphy

Freelancer

David Murphy got his first real taste of technology journalism when he arrived at PC Magazine as an intern in 2005. A three-month gig turned to six months, six months turned to occasional freelance assignments, and he later rejoined his tech-loving, mostly New York-based friends as one of PCMag.com's news contributors. For more tech tidbits from David Murphy, follow him on Facebook or Twitter (@thedavidmurphy).
