According to Apple, more than 50% of iPhone and iPad users have already upgraded to iOS 9, which was released to the public just last week. This coming weekend, millions more will take delivery of their new iPhone 6 and iPhone 6s handsets, which will also be running Apple’s latest software.
Unfortunately, all of these users are vulnerable to a simple hack made possible by a serious security flaw in iOS 9.
YouTube user “videosdebarraquito” drew our attention to a major flaw in Apple’s new mobile software. We have since been able to reproduce the resulting hack ourselves on multiple iPhone 6 handsets. The security hole allows people to use Siri to access an iPhone owner’s private data, and it is painfully easy to exploit.
Here’s how it works:
On any PIN-protected device running iOS 9, enter an incorrect PIN four times. On the fifth attempt, enter just three numbers (iOS locks for 1 minute after five incorrect PIN attempts) and then hold down the home button to bring up Siri as you enter the fourth.
We’ll let the video take things from there:
As you can see, this security hole allows anyone to access all of the private photos on a device, as well as all of the contacts. Bear in mind that throughout all of this, the phone is still locked.
Scary though this flaw may be, preventing it is quite simple. All you have to do is disable access to Siri while the phone is locked by opening the Settings app and tapping “Touch ID & Passcode.” Then scroll to the “Allow access when locked” section and slide the toggle next to Siri to off. Siri is enabled by default on the lock screen though, so most users running iOS 9 are currently exposed.
An Apple spokesperson did not immediately respond to a request for comment.