New iOS 9 flaw lets you bypass the passcode, access photos on an iPhone

26 Sep 2015 | Author: | No comments yet »

Hackers Found a Sly Way to Look at Photos on a Locked iPhone.

Apple doesn’t have a perfect track record when it comes to giving hackers access to locked iPhones. A clever iPhone user uncovered a new exploit in (and 9.0.1) that allows a person—presumably with a list of handwritten steps—to bypass the device’s passcode and get into the Contacts and Photos apps.

LOS ANGELES — Siri, Apple’s personal digital assistant, has gotten chattier and more clever with Apple’s new iOS 9 mobile operating system upgrade. So unless you have a bunch of selfies you don’t want anyone to see, or you use an alphanumeric instead of a four-digit passcode, you probably don’t have much to worry about.

Speaking to Siri to help open the Clock app, and then clicking through, allows people unfettered access to the Photos and Contacts app, potentially making available personal data. But this week, security researchers discovered a downside to Siri’s new intelligence. iOS 9 lets users access Siri from the lock screen, and if you work that access right, you can use it as a way to add contacts or even access the camera roll. It’s a tricky attack, unlikely to be deployed widely, but some are already speculating that it could be used by police to inspect a suspect’s phone without having to bother with the code.

Otherwise, here’s Lifehacker’s description of how it’s supposed to work—some iPhone owners have reported trouble getting the exploit to work as described. As the hackers show in a video below, you must enter the wrong passcode four times, and when you enter it a fifth time, you have to hit the home button immediately so that the phone does disable itself. On the fifth attempt, type in three numbers, then hold down Home to bring up Siri as you type in the fourth number (keep in mind that a typical iOS device will lock you out for a minute if you screw up a PIN five times in a row). You can say silly things like, “Flip a coin,” or “roll the dice” and get appropriate answers; look up Wikipedia entries like “Show me the Orion Constellation”; or eliminate keystrokes by asking her to find photos on your device.

You can have Siri update your Facebook status, and dictate the copy, have her play you your favorite podcast, locate a review of a new movie, or book a reservation for a party of four at a restaurant (via Open Table.) When Siri was first introduced on the iPhone 4S in 2011, she was a novelty who was more fun to play with — “Siri, how old are you?” — than a source of relevant information. Another way of keeping the phone safe is by using a longer, alphanumeric password, rather than the four or six digit passcodes that are set up by default.

An unlocked iPhone can now tether to a computer with just a single click — no password necessary — allowing the computer to copy emails, photos, and texts whenever it’s connected, even when it’s locked. Neither of these attacks is particularly scary (they’re certainly nothing compared to Stagefright or Android’s persistent patching issues), but they suggest an old dynamic that many thought Apple had put behind it.

On the plus side, it doesn’t appear as if you can do anything beyond access a person’s contacts or photos—the iPhone technically remains locked throughout the process. A dictated e-mail is not going have the words 100% right, and you’ll have to fix it, and when I asked for the Oregon photos it heard me as requesting “Morgan.” Follow USA TODAY tech columnist and #TalkingTech host Jefferson Graham on Twitter, where he’s @jeffersongraham, and listen to his daily audio tech reports on Stitcher and TuneIn.

That tendency has hurt the company before, most notably in the Celebgate leaks, which used social engineering to exploit an overly pliant iCloud customer service system.

Here you can write a commentary on the recording "New iOS 9 flaw lets you bypass the passcode, access photos on an iPhone".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site