Access Private Photos and Contacts Without a Passcode on iOS 9 devices

Below the detailed instructions to bypass the passcode:

• Take the Apple device running the iOS 9  and enter an incorrect passcode four times.
• Depending on the length of your passcode, for the fifth attempt enter 3 or 5 digits and for the last one, press and hold the Home button to run Siri immediately followed by the 4th digit.
• Once Siri appears, ask the assistant for the time.
• Tap the Clock icon to open the Clock app, and add a new Clock, then write anything in the Choose a City field.
• Now double tap on the word you wrote to invoke the copy & paste menu, Select All and then click on “Share”.
• Tap the ‘Message’ icon in the Share Sheet, and again type something random, hit Return and double tap on the contact name on the top.
• Select “Create New Contact,” and Tap on “Add Photo” and then on “Choose Photo”.
• At this point, you’ll now be able to access the entire photo library on the iOS device, which is still locked with a passcode. Now browse and view any photo from the Photo album individually.

Below the video proof of concept for the trick.

Despite such kind of hack doesn’t match the “Eligibility / Conditions” announced by Zerodium, it is interesting to note that is quite easy to bypass the basic security measures implemented by the IT giant for its new born iOS 9

Waiting for a patch, iOS users can disable Siri on the lock screen by modifying the settings of the device from

Settings > Touch ID & Passcode

Once disabled, users will be anyway able to continue using Siri after unlocked their iOS 9 based device.

Edited by Pierluigi Paganini

(Security Affairs – iOS 9, hacking)