An anonymous YouTube user has discovered a major flaw in the latest version of iOS, which allows access to personal information.
The video was uploaded by YouTube user videosdebarraquito and shows a simple way to completely bypass any security in place on the iPhone 6 and 6s models.
Apple are pretty pedantic when it comes to privacy but it seems that even they are not invulnerable to loopholes and glitches every so often. The newest version of iOS 9.3.1 allows unsolicited access to contacts and photos with a very simple hack. Using a loophole in Siri, it’s possible to bypass any passcode lock on the iPhone 6 and 6s models and get straight into the users personal data. The problem appears to be with the contacts application, which can be accessed via Siri without any kind of authentication.
While we don’t recommend doing it (for obvious reasons), we’ve outlined the flaw below:
- Start the Siri service.
- Ask Siri to search Twitter.
- Tell Siri to search for the end of an email address, eg. “@gmail.com”.
- Find a tweet in the results which has a full email address.
- Click on the email and, using the 3D Touch function, hard press the email address.
- You’ll now be able to add the email as an existing contact.
- Click on this and you’ll have access to all of that phone’s contacts.
- If you choose the “Add new contact” option instead, you’ll also be able to scroll through the saved photos to assign as an image.
It’s a pretty serious flaw and we’re sure that Apple will patch it fairly soon, but it’s worth noting for anybody that owns one of the new devices and received the update.
For more on Apple, visit What Mobile’s dedicated Apple page.
Via QZ.com