The latest iteration of Apple’s mobile platform has had a great week with over 50% of all iOS devices now running iOS 9. iOS 9 brought with it a range of new features including iPad multitasking, proactive Siri, improved battery life, and perhaps most importantly, a range of security improvements and fixes.
However, it appears that amongst all of the aforementioned improvements, Apple has unintentionally introduced a lock screen bug. The bug allows a person to gain access to a device’s contacts and photos without the need to enter a PIN number. The bug makes use of Siri's improved functionality and being accessible at the lock screen. If this sounds familiar, that’s because we have seen similar types of attacks in earlier versions of iOS.
While we highly discourage utilizing this bug to gain unauthorized access to a device, if you own an iOS device, it might be worthwhile to see if you can duplicate the bug. For those without an iOS device, check out the video below.
So, how can you protect yourself? Simply disable Siri functionality at the lock screen and this attack can be avoided. To disable Siri at the lock screen head to Settings > Touch ID & Passcode > Scroll down to "Allow Access When Locked" and toggle ‘Off’ Siri.