iOS 9 Flaw: Bypass the iPhone LockScreen to Access Albums and Contacts

iOS 9 Flaw: Bypass the iPhone LockScreen to Access Albums and Contacts

Last week, Apple finally released the new improved iOS 9 to public, just like last year’s iOS 8, users actively upgraded their equipment in the short term, the iOS 9 installation rate has reached 35% so far. But even so, the new system still exists some frustrating flaws, and now the bugs appeared.

iOS 9 allows user to access photos and contacts on a locked device, even with a passcode and / or Touch ID enabled. Obviously, this problem always seem to pop up with every iOS iteration, it is like a never escaped “curse” within each generation iOS.

If you are interested in these flaws, just follow the below steps to bypass the password to access album and contacts on the iOS device:

Step 1: Enter four different incorrect passcode (iOS 9 temp-locks you out after the fifth incorrect passcode entry).

Step 2: Enter 3 digits towards an incorrect fifth passcode, and press and hold the Home button to invoke Siri followed immediately by the 4th digit.

Step 3: The iPhone will be temp-locked for a minute, but not before Siri is invoked.

Step 4: Ask Siri what time it is.

Step 5: Tap the Clock icon to open the Clock app.

Step 6: Tap the + icon in the upper right-hand corner.

Step 7: Type something erroneous in the Choose a City field.

Step 8: Tap in the field to invoke the copy & paste menu, and tap Select All → Share…

Step 9: Tap the Message app icon in the Share Sheet.

Step 10: Type something erroneous in the To field and tap Return.

Step 11: Tap two times on the erroneous contact name in the To field to open the Info page.

Step 12: Tap Create New Contact.

Step 13: Tap Add Photo.

Step 14: Tap Choose Photo.

Step 15: You will now see all of the photos and albums on the device, which is still locked. You can now browse and view each photo individually.

Note: If you’d prefer to see Contacts, tap Add to Existing Contact in Step 12 instead of Create New Contact.

These steps seem not so hard, right? So the guys already installed iOS 9, even if the device has been locked by passcode or Touch ID, others can still view your “Album” and “Contacts” on the device. Of course, just browse them, can not perform other operations, but this is very scary. If you still not clear the steps above, then you can see the video produced by idownloadblog in this article beginning.

Well, how to avoid this flaw. It is possible to prevent this issue by disabling Siri access while your iPhone is locked. If you’re at all concerned about this, I recommend taking this measure until Apple patches this flaw. To disable Siri access from the Lock screen go to Settings → Touch ID & Passcode and turn off the Siri switch under the Allow Access When Locked heading.


Apple currently not yet declare any information about this vulnerability, but is expected they will soon release a system update to patch it.