A Spanish researcher by the name of Jose Rodriguez has found a way to crack into iPhones running iOS 9.3.1 by using Siri, reports AppleInsider. The Siri app needs to be configured to allow search integrations for Twitter, Contacts and Photos for the crack to work.
Rodriguez uploaded a video to YouTube showing the himself performing the crack on the iPhone 6s. iPhone users can perform the crack by calling up Siri (done by holding down on the home button) and using Siri to search Twitter for some sort of actionable contact information item. Then, 3D Touch is used to bypass the passcode.
This means that if Siri performs a Twitter search and finds an email address, then an iPhone user can deep press on an email address (activating 3D Touch and opening up the contextual menu) which gives access to the iPhone’s contact list. If configured correctly, photos can also be accessed through the same loophole, a glaring vulnerability in the iOS security ecosystem.
If you wish to turn off Siri’s ability to search Twitter and block the vulnerability, it can be done by navigating to Settings and then the Twitter sub menu option. From here, just turn off Siri. If you wish to make sure your iPhone’s photos are not accessible with this loophole, you can stop Siri from accessing your photos by going to Settings, then the Privacy sub menu. From here, click on the Photos option and turn off Siri.
The vulnerability is shown being carried out in the video below. An iPhone user must have first given Siri permission to search Twitter before it can happen.
