Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

iOS Lockscreen Bypass Gives Access to Contacts, Photos

Apple’s upcoming updates for iOS will likely include a fix for a new lockscreen bypass technique that can be used to access contact information and photos on locked iPhones and iPads.

Apple’s upcoming updates for iOS will likely include a fix for a new lockscreen bypass technique that can be used to access contact information and photos on locked iPhones and iPads.

The method, discovered by the individuals behind the EverythingApplePro and iDeviceHelp channels on YouTube, requires physical access to the targeted device and Siri enabled on the lockscreen.

First, the attacker needs to figure out the device’s phone number, which can easily be obtained by asking Siri “Who am I?” from the lockscreen. Once Siri provides the number, the attacker initiates a voice or FaceTime call to the targeted device from another phone.

When the call comes in, the attacker presses the “Message” icon and selects the “Custom” option. The iPhone or the iPad will then display a “new message” screen. There is not much a user can do from this screen, but there is a “trick” — the attacker can use Siri to activate the “VoiceOver” accessibility feature, and then double tap and hold the “to” field in the “new message” screen and immediately tap on the keyboard until some new icons appear.

This part of the exploit is not very reliable — the double tap on “to” and the tap on the keyboard may need to be repeated several times until the new icons appear. The VoiceOver feature can then be disabled using Siri.

At this point, typing any letter from the keyboard will bring up contacts under that letter. By pressing the ⓘ icon associated with a contact, the attacker can access that contact’s information and they also get a menu that includes the “Create New Contact” option.

By creating a new contact and tapping the “add photo” icon, the attacker gains access to the targeted iPhone or iPad’s photo gallery. It’s worth noting that the device remains locked this entire time, but the lockscreen bypass does provide access to contact details and photos.

The vulnerability appears to affect all versions of iOS starting from 8.0 and up to the latest 10.2. Both EverythingApplePro and iDeviceHelps have published videos to show how the passcode bypass method works on various types of Apple devices:

Until Apple releases an iOS update that addresses the issue, users can protect themselves against this hack by disabling Siri on the lockscreen.

Several iOS passcode bypass exploits have been disclosed in the past months, including by researchers at Germany-based Vulnerability Lab.

Related Reading: Researcher Proves FBI Wrong With iPhone Passcode Hack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...