Apple might be working on making iOS more secure than ever, but that doesn’t mean there aren’t bugs in the operating system that hackers can exploit to access data on the device. One such newly discovered issue affects only the iPhone 6s and iPhone 6s Plus, as it takes advantage of the 3D Touch functionality on the phone to bypass the lock screen and access contacts and photos.
However, you can fix it yourself while you wait for Apple to roll out a permanent fix.
DON’T MISS: How the biggest data leak in history happened
The issue is rather simple, Ipaderos explains. Invoking Siri on the lock screen is what triggers the bug. Ask the virtual assistant to search Twitter, and tell it to search for an email address from Gmail or Yahoo. Once it finds one, tap on a result with a valid email address and 3D Touch the email address, so a contextual menu pops up. It’s there that you can take advantage of the flaw, as you’ll want to create a new contact or add it to a new contact. This is how you get to both access photos and contacts on a device without knowing the passcode of the phone.
Obviously, there’s a simple fix for it, but one that will temporarily cripple your iOS 9.3 or iOS 9.3.1 experience. You’ll have to go to the Settings app, go to Touch ID & Passcode, and disable Siri on the lock screen. Alternatively, you could just remove Photos access from Siri, so that people can’t view any pictures if they take advantage of the flaw. Go to Settings, then Privacy and then Photos to prevent Siri from accessing pictures – of course, Siri could still ask you for permission to view photos on the device when a user would try to abuse this security issue.
A video showing you the bug in action follows below.