Menu
Apple fixes iOS lock screen bypass that gives access to photos, contacts

Apple fixes iOS lock screen bypass that gives access to photos, contacts

Via Siri, locked iPhone 6s and 6s Plus devices could have been tricked

Apple has reportedly fixed a vulnerability that could have allowed hackers to bypass the passcode on iPhone 6s and 6s Plus running iOS 9.3.1 in order to access the address book and photos.

The bypass technique was discovered by researchers from German security firm Evolution Security and takes advantage of Siri's integration with apps like Twitter or Facebook and the new 3D Touch feature that's only available on the iPhone 6s and 6s Plus models.

On a locked device, attackers can call up Siri and ask to search for items that contain @ tags using Twitter, Facebook or Yahoo. Then they can locate a string like an email address and use the 3D Touch hard push to bring out the context menu for it.

This menu offers the option to add the email address to an existing contact, therefore providing access to the address book. Then the attacker can choose to change the photo for an existing contact, bringing up the photo gallery.

Apple fixed the vulnerability Tuesday without users needing to install a software update, the Washington Post reported.

This is not the first lock screen bypass that has been discovered in iOS. In this particular case the bug only worked for a limited number of iPhone models in specific configurations, but other techniques patched in the past affected a larger number of devices.

Combined with the default encryption provided by iOS, the lock screen is the primary method of ensuring that user data remains protected when a device is stolen, lost or is temporarily in someone else's possession.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Apple

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments