A new lock screen bypass has been discovered that allows iPhone users to view contact and photo albums on the iPhone SE, iPhone 6 Plus and iPhone 6s Plus without unlocking the devices with a passcode or Touch ID fingerprint. Miguel of iDeviceHelp in a YouTube video showed the exploit taking advantage of unauthenticated access to Siri via the lock screen, and Siri's access to contacts and photos.
Notably, this is not the first lock screen bypass exploit discovered by users as earlier this year a similar exploit saw users gaining access of the device without Touch ID or passcode. There are several examples of lock screen bypass reported by users on iPhones every year that offer access to Photos, contacts, or entire device without actually unlocking the smartphone.
The new exploit however does require a very particular set of circumstances. For one, Siri should be enabled on the lock screen which helps you gain access to Photos and Contacts without unlocking the device. The attacker should have an extra iPhone to help in gaining access to Photos and Contacts on the locked iPhone.
To begin with, Miguel asks Siri on the locked iPhone "Who am I" on which Siri responds with the details of the user. Once the contact number is available, Miguel does a FaceTime from another iPhone to the iPhone which is locked. From the FaceTime call screen, he chooses Messages on which few message options appear including a custom message option. After the Message app launches, Miguel turns on the VoiceOver option via Siri.
For next few steps, the timing of screen tap is crucial and users may not succeed in just first few attempts. Miguel explains that user has to double tap on the contact info bar while on Message page, and at the same time hold the second tap on the bar. At the same point, user will have to click on the keyboard which should start the exploit. After the exploit works, users should get the text field for contacts after which users can type letters to gain access to contacts stored on the iPhone via the "i" info button located next to the contact. It's worth noting that the iPhone remains locked during the entire exploit. A lock icon is visible on the status bar, indicating the locked status of the phone.
Despite the phone being locked, apart from gaining access to contacts via the Message interface, users can also gain access to photos on the iPhone. For gaining access to Photos, users will have to tap on the "Create new account" option seen inside the Contacts. Once the process to add the new contact begins, users can tap on the "Add photo" to the contact option and the phone offers options to either "Choose Photo" or "Take Photo." On tapping the Choose Photo option, the user can gain access to the Photos stored in the device. We tried using the exploit on an iPhone 6s and we succeeded gaining access to Contacts and Photos.
Apple Insider points out that the new exploit can be done on the iPhone SE, iPhone 6 Plus and iPhone 6s Plus running iOS 10.2 and above. Though, another YouTube channel has claimed that the new exploit can be used to gain access on any iPhone running iOS 8.0 and above.
Apple is yet to comment on the exploit but till then we would recommend users to disable Siri on the lock screen to make it impossible for attackers to gain access, even if the device is locked.