Bug allows access to photos on an iPhone even if it is locked

It seems that users who spend a lot of time looking for ways to skip an iPhone lock code never rest. Recently a new method has been discovered that takes advantage of a bug or security breach that would allow an unauthorized user access photos and messages on an iPhone even if it is password protected or Touch ID.

The bug mentioned has been discovered by EveryThingApplePro and iDeviceHelp and It would affect any iPhone that has iOS 8 or later installed. The secret of this method is, so to speak, trick or mess with Siri to give us access to this content, so I am already telling you what the temporary solution may be to prevent any unauthorized user from seeing our photos or messages.

New bug allows skipping iPhone lock code

First of all, it must be explained that in order to replicate this fault, the unauthorized user must have physical access to the iPhone and know the victim's phone number. The steps to follow to get access to the photos and messages of an iPhone without entering the password would be the following:

  1. We make a call or FaceTime to the iPhone we want to attack.
  2. We tap on the message icon on the incoming call screen.
  3. We choose "Custom Message" to go to the response window.
  4. We activate Siri and say “Activa VoiceOver”.
  5. On the message screen, we double-tap in the name field of the caller and keep our finger on the second press.
  6. We play on the keyboard as fast as we can. We may have to do steps 5 and 6 several times to achieve the desired effect. If we want to see the messages, here we have to select any contact. If we want to see the photos, we continue with the next step.
  7. Now we ask Siri "Deactivate VoiceOver".
  8. We return to Messages and write the first letter of the name of the person making the call in the top bar.
  9. We touch the information icon nearby and create a new contact.
  10. We chose “Add photo”. This will make us see all the photos of the reel.

How to protect us from this security flaw

I know it is very difficult to be taken into account, but a couple of months ago I wrote an email to Apple proposing that they modify a little the way we invoked Siri. What I asked you is that, with everything activated, Siri will only be activated on the lock screen if you listen "Hey Siri" with our voice or press the start button with a finger whose fingerprint is registered. The problem, and that's why I wrote them, is that in order to have the “Hey, Siri” function activated and operational, we have to have Siri access activated from the lock screen; if we have activated the latter, any finger can invoke Siri.

As long as Apple doesn't do something similar to what I asked for, the solution is to go to Settings / Touch ID and code, put the password and disable Siri on the lock screen. The good thing about it if we do it like that, at least on my iPhone 7, is that invoking Siri with a registered finger works, but the bad thing is that we can't use “Hey, Siri” from the lock screen.

The bug is present in the latest iOS 10.2 beta, so we cannot know if it will be when the final version is released. The good thing is that specialized blogs publish a bug is that Apple will end up knowing its existence and we increase the chances of the bug being corrected sooner. Meanwhile, maybe it's best to do like me: my iPhone is only touched by me. So there is no unauthorized user who can access anything of mine (or break my iPhone!). Are you worried about this new security flaw with which all your photos can see without using the password?

The best accessories for your iPhone

Are you looking for a new case for your iPhone? An accessory for the Apple Watch? Maybe a Bluetooth speaker? Do not miss these offers on accessories and get the most out of Apple's mobile: