iOS 9 lockscreen bypass exposes photos and contacts

Details of a dead-simple iOS 9 lockscreen bypass - that Apple hasn't patched in the iOS 9.0.1 update - have been published on the web.

Don't misplace your iPhone if you've made the leap to iOS 9. The mobile OS contains a flaw that offers anyone a simple way to bypass the lockscreen and access information on the device such as contacts and photos.

Apple may have introduced a new six-character lockscreen option in iOS 9 and cut the number of guesses available, but the new release also introduces a bug that undermines it entirely. Worse still, the latest update, iOS 9.0.1, released on Wednesday, doesn't fix the bug.

iPhone user Jose Rodriguez posted a step-by-step video detailing how to bypass the lockscreen in iOS 9 and iOS 9.0.1, using a method that takes advantage of Apple enabling its personal assistant Siri on the lockscreen by default.

The bypass can be reproduced on a device with either a 4-digit or 6-digit passcode.

As Rodriguez noted in a tweet today, the lockscreen bypass still works in iOS 9.0.1, so the only step available to users to mitigate the bug is to disable Siri from the lockscreen.

iOS hasn't been affected by a similar lockscreen bypass for some time, but Apple had problems locking down the feature in 2013, with multiple iOS 6 and iOS 7 lockscreen bypasses discovered that year. Rodriguez found one of the iOS 7 bypasses, which, like the current bug, offered access to contacts.

The iOS 9 lockscreen bypass follows a similar bug fixed in the latest version of Android Lollipop. After Google released a fix for Nexus devices, a security researcher at the University of Texas revealed a bypass that was far more complex to reproduce than the current iOS bypass, though its impact was worse, since it gave access to all files and the ability to install malicious apps.

It's been a big week for iOS security with the discovery of a reported 4,000 malware-infected apps on the App Store. The latest bug puts iOS users still on iOS 8 in a tough position: iOS 9 contained fixes for over 100 security bugs in iOS 8, yet iOS 9 remains wobbly in its early days and now suffers from a non-trivial security bug.
