iPhone users have yet another screenlock bypass vulnerability to watch out for, according to a new video demonstration that shows how the bug can be exploited to gain unauthorized access to photos and contacts.

The hack reportedly works on iOS version 9.0.1, which Apple released Wednesday, although some people say they are unable to reproduce it. The vulnerability makes it possible for someone who gets even a brief moment with an iPhone to rifle through contacts and photos without entering the password. Here it is in action.

Beware! iOS 9 & iOS 9.0.1 – Security Flaw – Passcode Bypass. Turn Off Siri on Lockscreen to be Safe.

It works by entering an incorrect password four times. Then, immediately after the incorrect password is entered for the fifth time, the attacker holds down the home button before the device can lock the attacker out. The Siri personal assistant pops up and the attacker uses it to bring up the inbuilt clock. The attacker then taps the clock and presses the + icon, giving access to search capabilities. From there, the attacker gets access to iMessage.

Read 2 remaining paragraphs | Comments

See original – 

How hackers can access iPhone contacts and photos without a password