Apple Siri
[Representational Image] Apple iPhone Lock Screen bug returns, compromises security of contacts and photos In Picture: Apple Siri featurecultofmac.com

A new bug has been detected in Apple iPhones, which can compromise the security of sensitive information stored inside. 

Miguel, the iDeviceHelp YouTube video blogger, has discovered a serious flaw in iPhones, which enables any tech savvy user to hack into the device just by opening the virtual digital assistant, Siri, and bypass the fingerprint-based Touch ID and Passcode to access photos and the contact list.

Also read: Samsung releases official statement to allay fears over Galaxy S7 series safety standards

Actually, this Siri glitch is not new. It was first discovered in April, after Apple released iOS 9.3.1 update to fix a browser freeze bug, but it was later found to be flawed (only for the iPhone 6S and iPhone 6S Plus models).

Apple immediately took note of the severity of the issue, and fixed it within hours after the report made headlines.

Read more: Apple iOS 9.3.1 lockscreen bypass Siri bug status: Company fixes glitch in record time

Now, it has once again re-surfaced in the Siri feature of select Apple iPhones, but through a different access route. For instance, Siri should be enabled on the lock screen in the victim's Apple device and the hacker should have an iPhone of his own to gain access to Photos and Contacts on the locked device.

In the video released by Miguel, he asks Siri on the locked iPhone "Who am I", to which the Siri replies with the owner's details.

Once the contact number is displayed, Miguel launches FaceTime from another iPhone to the victim's iPhone, which is locked.

Apple iPhone Lock Screen bug returns; Siri exploit compromises security of contacts and photos [How to fix it]
Apple iPhone Lock Screen bug returns; compromises security of contacts and photosiDeviceHelp via YouTube

On the FaceTime call screen, Miguel taps Messages, on which a few message options appear, including the custom message option. After launching the Message app, Miguel turns on the VoiceOver option through voice-assistant Siri.

From here onwards, the timing of screen tapping becomes very crucial and tests the hacker's skill. Continuing with the procedure, Miguel double taps on the contact info bar, while on Message page, he simultaneously makes the second tap on the bar.

At exactly that point, he would click on the keyboard to make the first move for the exploit.

Once breached, Miguel goes to the text field for contacts, after which he can type any letters to gain access to all the contacts stored on the iPhone via the "i" info button located just beside the contact.

There he gets the option to add new contact details and to attach a picture to the contact. He also gets access to the photos in the iPhone, thereby compromising the privacy of the iPhone owner.

What makes this really scary is that the iPhone device presumably remains locked during the entire procedure and the victim will never know if his/her phone was accessed by an unauthorised user.

According to some reports, this exploit is limited to iOS 10.2-powered iPhone SE, iPhone 6 Plus and iPhone 6S Plus, but others claim that it can affect all iPhone models running iOS 8.0 or later version.

So far, Apple has not made any official comments with regard to this iPhone Lockscreen glitch.

Is there a way to fix this Lockscreen issue?
This Lockscreen issue can only be patched by a software update. Until Apple releases the security firmware, users have no option but to disable the Siri access to lock screen.

Go to Settings>> scroll down to Siri>> then turn-off "Access to Lock Screen"

Apple iPhone Lock Screen bug returns; Siri exploit compromises security of contacts and photos [How to fix it]
Apple iPhone Lock Screen bug returns; Siri exploit compromises security of contacts and photosiDeviceHelp via YouTube (screen-shot)
Also read
Quick Links