iOS 9 Flaw Lets Anyone Access Your Photos And Contacts

It appears as if iOS 9 adoption is going smoothly compared to past years’ iOS updates, and Apple has actually claimed to have reached a 50% adoption rate among its installed base for it already, although multiple sources say that measurement must be inaccurate. (We’ll cover those other sources in a separate article.) Some are even saying iOS 9 is the most secure version of the operating system yet, with one firm offering a $1 million reward each to three cyber-researchers who can come up with a working jailbreak for it.

iOS 9 Flaw Lets Anyone Access Your Photos And Contacts

Gaping hole in iOS 9 security

But of course as with any OS, there are some huge gaping flaws that must be worked out. The good news is that there’s an easy fix for this latest one located by YouTube user videosdebarraquito.

Zach Epstein of BGR reports that iOS 9 makes all users vulnerable to a very easy hack that’s possible only because of a serious flaw in the new version of the operating system. He reports that videosdebarraquito emailed BGR to explain the security hole in iOS 9, and they were able to reproduce the hack made possible by that flaw on several iPhone 6 devices. Apparently iOS 9 allows hackers to simply use Siri to get into the private information on iOS devices running it, and it’s so easy to do that even entry-level hackers could do it.

How the iOS 9 flaw works

Protecting your iPhone with a PIN won’t even help in this case, because all the hacker has to do is enter the wrong PIN four times. Then on the fifth time, the person puts in only three numbers and holds down the home button, which activates Siri, while putting in the fourth number. iOS is designed to lock for a minute after five wrong attempts at a PIN.

After gaining access to the device, the hacker can do just about anything, including sending text messages to contacts or viewing whatever they want on the device.

We’ve embedded the video below so you can see a demonstration of how the iOS 9 flaw works.

How to fix the iOS 9 flaw

In order to fix the problem, just disable Siri while your iPhone is locked. True, you lose some functionality, but it will keep the device truly locked down by your PIN.

To disable Siri while your phone is locked, go to Settings > Touch ID & Passcode. Then scroll down to the section called “Allow access when locked,” and slide Siri to Off. Currently in iOS 9, the default setting is to enable Siri on the lock screen.