November 27, 2016

Apple devices are known for their security , with the help of strong authentication. Latest iOS version has improved the security of devices by strengthening the passcode and also by adding Two-factor authentication which is an extra layer of security in order to keep your device safe from wrong hands.It is possible to bypass the passcode authentication in few easy steps and finally you can access photos and contacts of your Victim.

Recently New security flaw has been discovered in Ios 9 and newer. These security holes allow the users to bypass the first layer of security i.e : Passcode and gain access to personal information.

This Vulnerability was discovered by EverythingApplePro and iDeviceHelps. According to them with the help of this new vulnerability gives attackers an easy access to your iPhone, including contacts,Photos.

How to Bypass Passcode and Access Photos and Messages of iPhone

This exploit is accomplished with the help of iPhone virtual assistant Siri ,Let’s see how it is done

Step 1 : First of all Attacker need Phone number of Target iPhone , If you don’t have your Target phone number , then Hold your home button of Target iPhone to Activate Siri and ask her “Who am I ” Siri will get back to you along with the Phone Number.

Step 2 : Now you got your Target Phone Number. ASAP, Give a call to your Target iPhone. FaceTime call will also do your Job .

Step 3 : Now click on Message Icon rather than Answering the call , Now go the New Message Screen .

Step 4 : Again , you need to Call Siri by Long pressing Home Button and say “Turn on VoiceOver”

Step 5 : Now in the message screen and double tap on the above bar with contact info and then click on to the Keyboard. To make more clear please watch the video demonstration.

Step 6 : Now, ask Siri to “Turn off VoiceOver,” and click on home button to get into message screen , now type the letter of contact name , After getting into contact info – click on “Create new contact” Go ahead select “Choose Photo”

Step 7 : Now we just have access to the Photos of the Target iPhone without getting passcode , the even phone is locked by the passcode in the background.

Video Demo :

How to Protect your iPhone devices against this security Flaw ?

In two ways you can protect your devices until apple Patches this Flaw.

Method 1 : Disable Siri

Go to Settings → Touch ID & Passcode → Disable Siri on the Lockscreen

Method 2 : Physical access to your device.

This attack need physical access to your device so make sure that your phone doesn’t fall into wrong hands.

Wrap up :

Soon Apple will fix this issue ASAP so just wait for it . But one thing we can conclude is nothing is 100% secure and security lies mainly with the user.