iOS 9.3.1 Security Flaw Allows Access to iPhone 6s/6s Plus Contacts and Photos

After years of bug hunts, Apple’s latest iOS (9.3.1) still has a flaw that lets anyone bypass the passcode on a limited set of devices and access Contacts and Photos. The vulnerability seems to affect only the latest iPhone 6s and 6s Plus handsets, as 3D Touch is needed to replicate the bug (via AppleInsider).


The discovery comes from the same Jose Rodriguez who has uncovered lockscreen bugs before – see the one from last September which works only in certain situations, and the lockscreen bug in iOS 6.1.3 from three years ago.


The flaw appears when asking Siri to “search twitter”. Then, as demonstrated in the video inserted below (I couldn’t replicate it on my iPhone 6), ask Siri to conduct another search, this time for “gmail.com” or anything that contains actionable Contacts data, such as an email address. With the data displayed on the screen, users can use 3D Touch to tap on “Add to Existing Contact”, which opens the device’s Contacts list. This can be edited and used to access the photos held on the iPhone.

According to Rodriguez, the 3D Touch flaw can also be applied to Siri results for WhatsApp friends-list searches.

Until Apple addresses this flaw, you can protect yourself by restricting Siri’s access to Twitter and Photos. Or you could disable Siri completely, but you may want to reconsider that, as sometimes she can be useful.

Youtube video


John
10 years ago

Can’t replicate on my iPhone 6s. Every time I ask Siri to search Twitter it tells me I need to unlock my iPhone first.

IstvanFekete
Reply to  John
10 years ago

Try allowing Siri to access your Twitter account.

John
Reply to  IstvanFekete
10 years ago

Riiiight, because I’ve never used it before -_-

Gord Smith
10 years ago

…or don’t allow Siri when the phone is locked.

1His_Nibs1
10 years ago

Isn’t this what beta testing is for FFS?!
