iOS 9.3.1 Security Flaw Allows Access to iPhone 6s/6s Plus Contacts and Photos
After years of bug hunts, Apple’s latest iOS (9.3.1) still has a flaw that lets anyone bypass the passcode on a limited set of devices and access Contacts and Photos. The vulnerability seems to affect only the latest iPhone 6s and 6s Plus handsets, as 3D Touch is needed to replicate the bug (via AppleInsider).

The discovery comes from the same Jose Rodriguez who has uncovered lockscreen bugs before – see the one from last September which works only in certain situations, and the lockscreen bug in iOS 6.1.3 from three years ago.

The flaw exists when asking Siri to “search twitter”. Then, as demonstrated in the video inserted below (I couldn’t replicate it on my iPhone 6), ask Siri to conduct another search, this time for “gmail.com” or anything that contains actionable Contacts data, such as an email address. With the data displayed on the screen, users can use 3D Touch to tap on “Add to Existing Contact”, which opens the device’s Contacts list. This can be edited and used to access the photos held on the iPhone.
According to Rodriguez, the 3D Touch flaw can also be applied to Siri results for WhatsApp friends-list searches.
Until Apple addresses this flaw, you can protect yourself by restricting Siri’s access to Twitter and Photos. Or you could disable Siri completely, but you may want to reconsider that, as sometimes she can be useful.

Can’t replicate on my iPhone 6s. Every time I ask Siri to search Twitter it tells me I need to unlock my iPhone first.
Try allowing Siri to access your Twitter account.
Riiiight, because I’ve never used it before -_-
…or don’t allow Siri when the phone is locked.
Isn’t this what beta testing is for FFS?!