iOS 9 exploit allows access to photos and contacts without unlocking iPhone

[Reefa]

It’s not uncommon for new operating systems to have bugs that need to be worked out, and iOS 9 is proving no exception. There’s a way to take advantage of Siri to access locked devices under iOS 9, without any need for the passcode.

As the video below shows, the hack works by entering an incorrect code several times, then invoking Siri. Once she’s active, ask her for the time. Type a random word in the Choose the City field and share it. Once you share that information, you can also add a photo to a post — which, in turn, opens up the entire Photos library. It’s also possible to create a new contact in order to access the phone’s list of contact information, The Guardian reports.

This might seem like a minor bug, but it actually has significant privacy implications. In the wake of actions by the NSA and other government agencies at home and abroad, it’s clear that issues like this aren’t harmless flaws — they’re exploits that local and federal law enforcement are absolutely willing to exploit in order to gather evidence, even if doing so is illegal. Multiple local police departments have been challenged over their use of stingrays and other devices, and have often chosen to mislead judges over how such devices will be used, assuming they admitted to using them at all. As license plate readers have become more common, law enforcement has explored the idea of allying with private companies that have fewer restrictions on how they gather and keep data.

Users who are concerned about which features of the device are available for use when locked can control these settings from the Touch ID & Passcode section of the Settings” menu. Disabling functions like Siri may be a touch more inconvenient, but it may also prevent any similar hacks from functioning, if any are discovered.

Apple’s recently released 9.0.1 update for iOS 9 does not address this problem, but the upcoming iOS 9.1 (now in beta) may solve it in the not-too-distant future. This is far from the first lock-screen bug to crop up on Apple or Android devices, but the fact that you must possess the device makes it less risky then flaws that give attackers remote access to personal information. For all its features, security in Apple’s latest OS (and to be fair, security in general) remains a work in progress.

extremetech.com

[Flippiff]

I rather have a exploit to unlock ios8 pin code instead of purchasing a black box or swaping out hardware.