iOS 9.0.1 lockscreen vulnerability

Lock screen bypass


iOS 9.0.1 was released by Apple a couple of days ago, alongside the release of tvOS beta 2 and iOS 9.1 beta 2.

9.0.1 was issued over the air as a bug-fix release intended to squelch Wi-Fi connection bugs and square away some issues with Photos, Safari and Alarms.

Last Friday, a report surfaced of a lockscreen bypass using a button combo that invokes Siri with the long-press gesture on the home button while entering the last 2 keys of a 4-digit PIN…


I haven’t been able to reproduce the bypass on a 6-key lockscreen passcode. Keep this in mind: I have witnessed that some of the media reporting this exploit are doing so using a video that shows someone performing the technique on an iPhone with TouchID enabled… obviously using the biometric sensor the way it is supposed to be used.

The 4 key lockscreen bypass allows access to contacts and photos.

How can you prevent this from happening?

  1. Disable Siri access on the lockscreen in Settings, under TouchID
  2. Use a 6 digit passcode?
  3. Don’t let anyone’s paws on your handset.
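
On devices managed with configuration profiles, the first two mitigations above can be checked mechanically. The following is an added example, not part of the original post: it assumes an unsigned XML profile, relies on Apple's `allowAssistantWhileLocked` restriction key and the passcode payload's `minLength` key, and runs against a constructed sample profile; `audit_profile` is a hypothetical helper name.

```python
import plistlib

# Constructed sample profile (not from the original post): Siri stays
# reachable from the lock screen and the passcode policy permits 4 digits.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowAssistantWhileLocked</key><true/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>minLength</key><integer>4</integer>
    </dict>
  </array>
</dict></plist>"""


def audit_profile(data: bytes) -> list[str]:
    """Return findings for the Siri-on-lockscreen and passcode-length mitigations."""
    profile = plistlib.loads(data)
    siri_locked_off = False
    min_length = 0
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.applicationaccess":
            # An absent key means the default applies: Siri allowed while locked.
            if payload.get("allowAssistantWhileLocked", True) is False:
                siri_locked_off = True
        elif ptype == "com.apple.mobiledevice.passwordpolicy":
            # Track the strictest minimum length across passcode payloads.
            min_length = max(min_length, payload.get("minLength", 0))
    findings = []
    if not siri_locked_off:
        findings.append("Siri is not disabled on the lock screen")
    if min_length < 6:
        findings.append(f"passcode minLength is {min_length}, expected >= 6")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

An empty list means the profile enforces both settings.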