iOS 10 Problems: This iPhone Lock Screen Exploit Lets Hackers Access Your Sensitive Info, But Here's A Quick Fix

Anu Passary, Tech Times 19 November 2016, 10:11 am

iPhone users on iOS 10 have a new issue to deal with: a lock screen exploit that enables hackers to gain access into a user's personal data.

The exploit in question was shared by iDeviceHelp, a YouTube channel, which shared a video that gives a detailed look into the process. With precise timing and access to an iPhone (that has Siri enabled on the handset's lock screen), the lock screen of the smartphone can be bypassed with ease, giving unrestricted access to the protected data of the user such as photos, message logs, contacts and so on.

This exploit of bypassing the lock screen/passcode works on any iPhone that runs iOS 8 or above.

How Does The Exploit Work?

The hacker will need physical access to an iPhone that has Siri enabled on the device's lock screen.

Step 1: The hacker calls the iPhone they wish to gain access into. If the hacker does not know the number they can query Siri "Who am I?" to get the same. Making a FaceTime call to the iPhone is just as effective.

Step 2: Then the hacker opts for the Message option in the incoming screen, then chooses Custom. This opens the screen where one can respond to the call with a message.

Step 3: The Voice Over mode is enabled next by instructing Siri to "turn on voice over." This basically enables the accessibility feature, which reads out the items on the display.

Step 4: This is the tricky bit and requires precision in timing. The hacker then has to double tap the name of the person messaged and simultaneously hold it, as well as click immediately and tap on a random key in the keyboard.

Step 5: This opens the "to" field, which lets one sift through the existing contacts in the iPhone.

This way the hacker can break into the iPhone. If they press the "i" icon located next to the contact, it will show all the details of that specific contact. This then enables the hacker to create a new contact. By tapping into the new contact one can choose to add a photo, which enables the hacker to access all the photos in the camera roll!

The YouTube video below from iDeviceHelp shows how the exploit works.

Quick Fix

If you do not want people to bypass the lock screen security of your iPhone with this exploit, here's what you can do: disable Siri from your iPhone's lock screen.

How To Disable Siri From Lock Screen

Here's a guide to help you do the same.

Open the Settings on your iPhone and navigate to the Touch ID and Passcode option. Enter your passcode and then scroll to "Reply with Message" option. Turn the toggle off.

This will not allow you to reply to a message from your iPhone's lock screen, alleviating the concerns.

You can also disable Siri's access to the lock screen by simply going to Settings > Siri and then scrolling to the Access on Lock Screen option. Toggle this off.