Industry News

Once again, Siri helps attackers bypass your iPhone’s passcode

Over the years iPhones and iPads have been plagued on many occasions by passcode bypasses – a secret method that allows an attacker to unlock your iOS device and access your private data.

It would be nice to think that as we’re now up to iOS 10 that Apple would have prevented such bypasses from working once and for all. But no such luck – for users who have left Siri enabled from the lockscreen at least.

Here is how an attacker could break into your iPhone, even if you have a passcode or Touch ID turned on.

First of all, they need physical access to your switched-on device.

Then, they need to know your phone number. Now, they might know your phone number because they’re an acquaintance of yours, but even if they don’t it’s not a problem. Because all they need to do is activate Siri by holding down the iPhone button’s and ask “Who am I?”

Siri helpfully tells you the phone number being used by the device.

With that information you’re only a few steps away from accessing the owner’s personal photographs, address book and messages.

1. Call the targeted phone.

2.On the targeted phone, click the Message icon and choose to send a custom message as a reply to the incoming call.

3. Tell the phone, via Siri, to “Turn On VoiceOver”. VoiceOver is a built-in iOS feature that provides a gesture-based screen reading functionality to visually-impaired users.

4. Return to the message screen and double-click on the bar where the contact info is displayed, and immediately click on the on-screen keyboard. This may take multiple attempts to get the timing right, but you will know you’ve succeeded when you see the “Photo” icon and other options slide in from the side above the keyboard.

5. You can ask Siri to disable VoiceOver at this stage (because it can be quite irritating!), and after typing characters into the top bar you should be able to access contact details, and create a new contact.

6.Rather than add a new contact’s details, select the “Photo” icon. You should now be able to choose Add Photo and find that you have access to the targeted device’s photo gallery. Selecting contacts on the device should reveal past messages that have been exchanged with the phone’s owner.

So much for it being locked…

The following YouTube video demonstrates the technique, through which an iPhone user’s private photos can be accessed.

As the video points out, the passcode bypass works on iPads just as well as iPhones running the latest version of iOS.

Chances are that Apple will release a security update in due course to shut down this latest passcode bypass, but it would be a brave man who placed money on Apple never suffering from a similar security goof in future.

My advice, therefore, is that you should simply disable Siri on your iDevice’s lockscreen. You can do that by going to Settings / Touch ID & Passcode / Disable Siri on the Lockscreen

Of course, *not* having Siri available when your iPhone is unlocked can be an inconvenience. But remember it’s an even bigger inconvenience for someone who is trying to break into your Apple gadget to find out who you have been communicating with, or snoop on your private photos.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

Add Comment

Click here to post a comment