Apple fixes iPhone hack that meant anyone could access photos and contacts


A spokesperson for Apple has confirmed that a bug which enabled hackers to access contacts and photos stored on an iPhone without the need of a passcode has now been fixed.

Apple told the Washington Post Tuesday that it had rolled out a fix which would be effective immediately and would be in place without the need of a software update.

Because the exploit required the use of 3D Touch, a feature on iPhone 6S and 6S Plus that allows users to quickly open links and access shortcuts, it was thought that only newer devices were affected.

The security exploit, the details of which were first highlighted in a YouTube video, used a combination of 3D Touch and Siri to gain access to the phone.

The video showed how someone could bypass the fingerprint Touch ID and passcode to unlock the screen by opening the Apple’s virtual assistant, Siri.

In the video, the user asks Siri to open Twitter on a locked iPhone 6S. Siri responds by listing recent Twitter chats, without asking for authorisation.

The user was then able to gain access to the Quick Actions menu of 3D Touch, where he asked Siri to create a new contact by using the Add to Existing Contact option.

The next step involved the user being asked he wanted to add an image to the new contact and it was here where he was able to gain access to all the images on the phone.

This isn’t the first time that users have uncovered ways of gaining access to an iPhone using Siri.

In September a similar iPhone hack was discovered that allowed someone to gain access to photos by asking the virtual assistant for the time.

Although Apple has said that the most recent bug has now been fixed, you can prevent any potential instances like this from happening in the future by disabling the option that allows Siri to be used when an iPhone is locked.

This can be done by going to Settings > Touch ID & Passcode > Allow Access When Locked.



Comments are closed.