Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
iPhone 6s security flaw lets anyone bypass the passcode and access contacts and photo
#1
It might have taken the FBI quite some time to find a way to unlock a shooter's iPhone 5C, but it turns out to be trivially easy to access contacts and photos stored on the company’s newest flagship, the iPhone 6s.
The trick makes use of Siri and Twitter, and as the owner of a 6s I’ve been able to test this method myself, and can confirm not only that it works, but it’s very simple to implement.

It does require the use of 3D Touch, so if you have an older iPhone you don’t need to worry.
To use the trick, discovered by Jose Rodriguez, you just need to launch Siri from the lockscreen and ask her to search Twitter for an email address. Using a phrase like "Hey, Siri, what's trending on Twitter with an email address?" worked for me. Once one is found, press down hard on the address to call up the 3D Touch context menu from which you can create a new contact or add to an existing contact.
Not only does this give the attacker access to all of your contacts, but if the Contacts app has permission to access the iPhone’s photo library, they can then also explore your snaps by adding a photo to a new or existing contact.
You can watch a video of the trick in action (in Spanish) below.
https://youtu.be/Jk7GaO_vAW8
It’s possible to protect yourself from an attacker viewing your photos by denying Siri and Contacts access to your image library. Go to Settings > Privacy > Photos and disable the option there.
You can also prevent access to Contacts from the lockscreen by going to Settings > Touch ID & Passcode and disabling Siri there.
You could, of course, also just ensure that no one picks up and uses your phone without your knowledge.


source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Low-Detection Phishing Kits Increasingly Bypass MFA Mohammad.Poorya 0 1,099 02-04-2022 , 05:29 PM
Last Post: Mohammad.Poorya
  New macOS zero-day bug lets attackers run commands remotely mrtrout 0 792 09-21-2021 , 09:48 PM
Last Post: mrtrout
  Hacktivists Breach a Security Company, Get Access to 150,000 Camera Feeds mrtrout 0 1,009 04-01-2021 , 12:09 AM
Last Post: mrtrout
  Update Kaspersky were able to find a small flaw guardian 0 1,250 04-06-2020 , 10:23 AM
Last Post: guardian
  VPN bypass vulnerability in Apple iOS sidemoon 0 1,634 03-26-2020 , 08:53 PM
Last Post: sidemoon



Users browsing this thread: 2 Guest(s)