Apple was hit with a major controversy recently over an alarming Siri bug which allowed anyone to gain access to an iPhone’s contacts and photos. All iPhone 6S and 6S Plus handsets which had been updated to iOS 9.3.1 were vulnerable, because the exploit relies on 3D Touch.
The passcode bypass flaw detailed by YouTube user Videosdebarraquito is pretty straightforward and could be taken advantage of by anyone with extended access to an iPhone 6S or 6S Plus. First, the attacker has to start up Siri on the lock screen and ask the digital assistant to search Twitter. They’d then have to instruct Siri to look for any email address, such as ‘@gmail.com’.
Once Siri finds a tweet with a valid email address, the attacker would then proceed to 3D Touch the address to pull up the contextual menu. They could then tap on Add to Existing Contact to view the iPhone’s contacts, or on Create New Contact followed by Add Photo to view images stored on the handset.
Apple has always touted its enhanced security features to its users and the fact that this entire procedure doesn’t require a password or Touch ID authentication is a major cause for alarm. Thankfully, the brand seems to have understood the scale of the issue and has sent out a fix for it.
Any user who now asks Siri to root through Twitter from the lock screen will be prompted to unlock their iPhone first. Apple appears to have also resolved another bug involving the personal assistant. Previously, consumers could ask the tool to enable Night Shift even if Low Power Mode was on, defeating the purpose of the latter to save battery power.
Asking Siri to switch Night Shift on now will prompt it to state that it’ll have to turn off Low Power Mode in order to do so.