It seems that users who spend a lot of time looking for ways to bypass an iPhone's lock code never rest. A new method has recently been discovered that takes advantage of a bugs or security breach that would allow an unauthorized user access photos and messages on an iPhone even if it is password protected or Touch ID.
The mentioned bug has been discovered by EveryThingApplePro and iDeviceHelp and would affect any iPhone that has iOS 8 or later installed. The secret of this method is, as it were, to trick or bundle Siri into giving us access to this content, so I am already anticipating what the temporary solution may be to prevent any unauthorized user from seeing our photos or posts.
New bug allows to bypass the iPhone lock code
First of all, it must be explained that in order to replicate this failure, the unauthorized user must have physical access to the iPhone and knowing the victim's phone number. The steps to follow to access the photos and messages of an iPhone without entering the password would be the following:
- We make a call or FaceTime to the iPhone we want to attack.
- We tap on the message icon on the incoming call screen.
- We choose «Custom message» to go to the reply window.
- We activate Siri and say "Activate VoiceOver."
- On the message screen, we double tap on the caller's name field and hold our finger on the second tap.
- We play on the keyboard as fast as we can. We may have to do steps 5 and 6 several times to get the desired effect. If we want to see the messages, here we have to select any contact. If we want to see the photos, we continue with the next step.
- Now we ask Siri to "Turn off VoiceOver."
- We go back to Messages and write the first letter of the name of the person making the call in the top bar.
- We touch the information icon nearby and create a new contact.
- We choose «Add photo». This will make us see all the photos on the reel.
How to protect ourselves from this security breach
I know it is very difficult for them to take me into account, but a couple of months ago I wrote an email to Apple proposing that they modify the way we invoke Siri a bit. What I asked them is that, with everything activated, Siri will only activate on the lock screen if you listen Hey Siri with our voice or press the start button with a finger whose fingerprint is registered. The problem, and that is why I wrote to you, is that in order to have the "Hey Siri" function activated and operational, we have to have access to Siri activated from the lock screen; if we have the latter activated, any finger can invoke Siri.
As long as Apple doesn't do something similar to what I asked, the Solution is to go to Settings / Touch ID and code, put the password and deactivate Siri on the lock screen. The good thing about it if we do it like this, at least on my iPhone 7, is that invoking Siri with a registered finger works, but the bad thing is that we will not be able to use "Hey, Siri" from the lock screen.
The bug is present in the latest beta of iOS 10.2, so we cannot know if it will also be when the final version is released. The good thing that specialized blogs have to publish a bug is that Apple will end up knowing about its existence and we increase the chances that the bug will be corrected sooner. In the meantime, maybe it's best to do like me: my iPhone is only touched by me. So there is no unauthorized user who can access anything of mine (or break my iPhone!). Are you worried about this new security flaw with which they can see all your photos without using the password?
What gibberish to be able to see the photos I take a day, you also need to have the iPhone in someone else's hands for a long time, I don't care about anything (but if they fix it, chapo) !!!