A new security flaw in Apple's iOS 9 enables outsiders to access an iPhone owner's personal photos and stored contacts without knowing the passcode necessary to unlock the phone. News of the vulnerability appears to have originated with a YouTube video posted by a man named Jose Rodriguez, though it was been replicated countless times since the the video went viral.
Normally the owner of any locked iPhone who is unable to remember his or her code simply can't access the contents of their device. But, in the video embedded below, the user enters and incorrect password four times. On the fifth try he begins typing in the wrong code but, before it's able to lock him out, he quickly asks Siri for the time.
When the voice-activated assistant brings up the clock, it's then possble to access the search function and pull up an iPhone owner's contacts, messages and photos through the share screen. The hack can not be used to completely unlock a user's iPhone, iPad or iPod Touch, the Register reported Wednesday, though it does render the passcode irrelevant when it comes to protecting certain personal information.
The easiest fix is to disable Siri on the lock screen by opening the Settings app, going to “Touch ID & Passcode.” From there, find “Allow access when locked” and slide the option next to Siri to off.
Siri is automatically enabled on the lock screen, so many users are vulnerable to this hack without being aware of it. Apple previously stated that more than 50 percent of iPhone and iPad users have updated to iOS 9 since the new operating system was released last week.
Apple has not commented publicly on the matter.