Huge iOS 9 security flaw lets anyone see your photos and contacts without a PIN – here’s how to stop it

Published Sep 23rd, 2015 9:45AM EDT
BGR

There’s a lot to love in Apple’s newly released iOS 9 software. We told you about all of iOS 9’s best new features in an earlier article, and we also showed you 25 great hidden iOS 9 features that you really need to know about.

Now, it’s time to discuss iOS 9’s worst new feature: A major security flaw.

According to Apple, more than 50% of iPhone and iPad users have already upgraded to iOS 9, which was released to the public just last week. This coming weekend, millions more will take delivery of their new iPhone 6 and iPhone 6s handsets, which will also be running Apple’s latest software.

Unfortunately, all of these users are vulnerable to a simple hack made possible by a serious security flaw in iOS 9.

YouTube user “videosdebarraquito” contacted BGR via email to draw our attention to a major flaw in Apple’s new mobile software. BGR has since been able to reproduce the resulting hack ourselves on multiple iPhone 6 handsets. The security hole allows people to use Siri to access an iPhone owner’s private data, and it is painfully easy to exploit.

Here’s how it works:

On any PIN-protected device running iOS 9, enter an incorrect PIN four times. On the fifth attempt, enter just three numbers (iOS locks for 1 minute after five incorrect PIN attempts) and then hold down the home button to bring up Siri as you enter the fourth.

We’ll let the video take things from there:

As you can see, this security hole allows anyone to access all of the private photos on a device, as well as all of the contacts. Bear in mind that throughout all of this, the phone is still locked.

Scary though this flaw may be, preventing it is quite simple. All you have to do is disable access to Siri while the phone is locked by opening the Settings app and tapping “Touch ID & Passcode.” Then scroll to the “Allow access when locked” section and slide the toggle next to Siri to off. Siri is enabled by default on the lock screen though, so most users running iOS 9 are currently exposed.

An Apple spokesperson did not immediately respond to a request for comment.

Zach Epstein Executive Editor