Here’s how you can prevent your contacts and photos from being accessed on a passcode locked iOS 9 iPhone
Beware iPhone users that have iOS 9, as it may be possible to access your contacts and photos on a locked device, even with a passcode and/or Touch ID enabled.
To see if there is any security flaw that exists in iOS 9, Jeff Benjamin of idownloadblog.com decided to take a test. He did find security flaw in the iOS and decided to bring it to the attention of people to let them know that people may end up accessing information that they should not be accessing.
However, this does not expose any other contents of your iPhone outside of Contacts and Photos. While people still cannot unlock your device, read your messages, watch videos, etc, this would allow users only to view your contacts and photos (not videos) through a limited interface. Also, the photos cannot be shared or forwarded from your iPhone.
The primary intention of Benjamin to bring this to public is to inform users that a passcode or Touch ID security is not sufficient to keep prying eyes away from your photos and contacts. Also, he hopes that Apple would notice it as a legitimate security flaw and provide a solution to prevent the issue.
Here’s how the security flaw works:
Step 1: Enter four different incorrect passcode (the fifth incorrect passcode entry would temp-locks you out of iOS 9).
Step 2: Enter 3 digits on the incorrect fifth passcode box, and press and hold the Home button to evoke Siri followed instantly by the 4th digit.
Step 3: It will temp-lock the iPhone for a minute, but not before Siri is evoked.
Step 4: Ask Siri what time it is.
Step 5: Tap the Clock icon to open the Clock app.
Step 6: Tap the + icon in the upper right-hand corner.
Step 7: Type something incorrect in the Choose a City field.
Step 8: Tap in the field to evoke the copy & paste menu, and tap Select All ? Share…
Step 9: Tap the Message app icon in the Share Sheet.
Step 10: Type something incorrect in the To field and tap Return.
Step 11: Tap two times on the incorrect contact name in the To field to open the Info page.
Step 12: Tap Create New Contact.
Step 13: Tap Add Photo.
Step 14: Tap Choose Photo.
Step 15: It will show you all the photos and albums that are available on the device, which is still locked. You can now browse and view each photo one by one.
However, if you choose to see Contacts, tap Add to Existing Contact in Step 12 instead of Create New Contact. And it’s done.
Watch the video above to see how it’s done in about a minute.
Do remember that operating systems are unusually complex and every system has flaws. Hence, the need for security updates.
However, this issue can be prevented by disabling Siri access while your iPhone is locked, that is, if you are worried about this flaw. To disable Siri access from the Lock screen, you need to go to Settings ? Touch ID & Passcode and turn off the Siri switch under the Allow Access When Locked heading.