Menu
Apple fixes iOS lock screen bypass that gives access to photos, contacts

Apple fixes iOS lock screen bypass that gives access to photos, contacts

Via Siri, locked iPhone 6s and 6s Plus devices could have been tricked

Apple has reportedly fixed a vulnerability that could have allowed hackers to bypass the passcode on iPhone 6s and 6s Plus running iOS 9.3.1 in order to access the address book and photos.

The bypass technique was discovered by researchers from German security firm Evolution Security and takes advantage of Siri's integration with apps like Twitter or Facebook and the new 3D Touch feature that's only available on the iPhone 6s and 6s Plus models.

On a locked device, attackers can call up Siri and ask to search for items that contain @ tags using Twitter, Facebook or Yahoo. Then they can locate a string like an email address and use the 3D Touch hard push to bring out the context menu for it.

This menu offers the option to add the email address to an existing contact, therefore providing access to the address book. Then the attacker can choose to change the photo for an existing contact, bringing up the photo gallery.

Apple fixed the vulnerability Tuesday without users needing to install a software update, the Washington Post reported.

This is not the first lock screen bypass that has been discovered in iOS. In this particular case the bug only worked for a limited number of iPhone models in specific configurations, but other techniques patched in the past affected a larger number of devices.

Combined with the default encryption provided by iOS, the lock screen is the primary method of ensuring that user data remains protected when a device is stolen, lost or is temporarily in someone else's possession.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Apple

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments