Apple does a pretty stand-up job of trying to keep iOS as secure as possible, and when it is made aware of a security hole, Apple tends to be fairly quick at not just plugging the gap, but also getting the update out to as many iPhone and iPad owners as possible.
So when we were shown a video of an iPhone running the latest iOS 10.2 being tricked into giving someone access to the Camera Roll and Contacts app, all whilst remaining locked, we took notice. The 4-minute video demonstrates exactly how anyone, I repeat, anyone can access your locked iPhone without having to deal with the passcode.
The video shows a locked iPhone running iOS 10.2 with a passcode set, with the video maker then proceeding to access photos, telephone numbers, email addresses and possibly physical addresses within the phone without ever having to enter a PIN, passphrase or other method of authentication. That’s a little scary, to say the least.
As has been the case with these kinds of things many times in the past, it appears that the loophole in Apple’s latest iOS version can once again be traced back to Siri.
In this case it starts by invoking Siri to inquire about who the phone belongs to, “who am I?” to be specific. That done, you can then use any other phone to place a call to the locked phone, and instead of answering the call, simply hit the Message button to reply.
From that point on it’s a case of creating a custom text reply and then going from there. There’s a fair bit of tapping required in order to get the kinds of results the video shows, and while it seems impossible to launch apps this way, we probably wouldn’t want anyone with access to our iPhones to be able to thumb through the photos saved within it without our permission.
Check the video embedded below and form your own opinion, but there is one sliver of good that came out of all of this regardless – Apple has now been informed of the issue, which, by the way, works on most iOS versions, including iOS 10.1.1 and iOS 10.2, and is presumably investigating it. Expect a patch to be rolled into iOS sooner rather than later.