Apple’s upcoming updates for iOS will likely include a fix for a new lockscreen bypass technique that can be used to access contact information and photos on locked iPhones and iPads.
The method, discovered by the individuals behind the EverythingApplePro and iDeviceHelp channels on YouTube, requires physical access to the targeted device and Siri enabled on the lockscreen.
First, the attacker needs to figure out the device’s phone number, which can easily be obtained by asking Siri “Who am I?” from the lockscreen. Once Siri provides the number, the attacker initiates a voice or FaceTime call to the targeted device from another phone.
When the call comes in, the attacker presses the “Message” icon and selects the “Custom” option. The iPhone or the iPad will then display a “new message” screen. There is not much a user can do from this screen, but there is a “trick” — the attacker can use Siri to activate the “VoiceOver” accessibility feature, and then double tap and hold the “to” field in the “new message” screen and immediately tap on the keyboard until some new icons appear.
This part of the exploit is not very reliable — the double tap on “to” and the tap on the keyboard may need to be repeated several times until the new icons appear. The VoiceOver feature can then be disabled using Siri.
At this point, typing any letter from the keyboard will bring up contacts under that letter. By pressing the ⓘ icon associated with a contact, the attacker can access that contact’s information and they also get a menu that includes the “Create New Contact” option.
By creating a new contact and tapping the “add photo” icon, the attacker gains access to the targeted iPhone or iPad’s photo gallery. It’s worth noting that the device remains locked this entire time, but the lockscreen bypass does provide access to contact details and photos.
The vulnerability appears to affect all versions of iOS starting from 8.0 and up to the latest 10.2. Both EverythingApplePro and iDeviceHelps have published videos to show how the passcode bypass method works on various types of Apple devices:
Until Apple releases an iOS update that addresses the issue, users can protect themselves against this hack by disabling Siri on the lockscreen.
Related Reading: Researcher Proves FBI Wrong With iPhone Passcode Hack