New iOS 9 exploit exposes your photos and contacts

Your photos and contact list aren't safe on iOS 9.0.1.

Feb 29, 2020, 7:05 pm*

Tech

 

Mike Wehner

People have been coming up with creative ways to sneak around the iOS lock screen for years, and even as Apple squashes each new exploit that comes along, new ones seem to spawn. The latest, which remains an open window in iOS 9.0.1, can give anyone access to the photos, contacts, and other information on your iPhone or iPad in as little as 30 seconds.

First discovered by YouTube user Videosdebarraquito, the trick requires just a few steps to accomplish:

  1. With the passcode screen active, enter the incorrect passcode several times. Five tries are allowed on iPhone, while the iPod Touch takes six tries before locking you out for short cool-down period.
  2. Immediately after you enter the incorrect passcode for the last time, just before the phone enters its temporary lockdown timer, activate Siri.
  3. Tell Siri you need to set an alarm, and then use the pop-up screen to set a new alarm.
  4. Type some text into the label field, highlight it, and then select the “Share” prompt.
  5. From this screen, you can enter the Messaging app, which you can use to browse all the photos on the device, scroll through the contacts list, and poke around in more private areas of the device. 

This is a pretty glaring hole in Apple’s security-minded mobile platform, and while the exploit remains possible in iOS 9.0.1—as well as the current iOS 9.1 developer beta—don’t expect such an easily accomplished trick to remain alive for long. 

Photo via LWYang/Flickr (CC BY 2.0)

Share this article
*First Published: Sep 24, 2015, 3:14 pm