Another day, another iOS security panic. This time, a method for bypassing the passcode lock on an iPhone 6s handset has been found. It's a bizarre method, and something crooks would have unlikely known about (until today, of course), yet given the publicity surrounding the bypass it would be a smart move to arm your iPhone against the security flaw.
Checking if your iPhone's passcode can be bypassed
Good news: since this post was published, Apple has fixed the problem and the issue no longer remains. You can read the original article below.
It's simple enough to test if your iPhone 6s or 6s Plus handset can be bypassed. (It seems that the bypass is actually limited to these models due to their support for 3D Touch; earlier iPhones are unaffected, 9to5mac explains.)
First, lock your iPhone, then invote Siri and say, “Search Twitter.” Then, after Siri asks for the search term, say “at-sign yahoo dot com,” “at-sign gmail dot com,” or any other email domain. As 9to5mac adds, “the goal is to find a tweet containing a valid email address.” Then once the search results are presented on-screen, tap a tweet with a valid email address and then 3D Touch the email address to bring up the pop-up contextual menu.
The website continues:
Tap Create New Contact → add photo in order to view the photos on device. You may be asked to give Siri access to the Photo Library. You can also view contacts on device by use the Add to Existing Contact option instead.
From here, you'll be able to view all photos on the passcode-locked device, as well as all contacts (by using the “Add to Existing Contact” option instead). Both are normally locked-down unless a user has unlocked their iPhone with Touch ID or a passcode.
How to protect your iPhone
Usefully, it's simple enough to protect your iPhone 6s against this bypass, and as 9to5mac explains, there are two ways you can do so.
The first is to disable Siri access to photos, and you can do this by navigating to Settings, Privacy, Photos, and then disabling the Siri switch. Though, as the publication adds, this route isn't going to prevent people from seeing your iPhone's contacts using the aforementioned bypass; to lock these down, you'll need to outright disable Siri at the Lock screen.
To do this, go to Settings, Touch ID & Passcode, and then disable the Siri button. This is indeed a drastic measure to take (most of you will use Siri at the Lock screen often; I know I do), but it will mean crooks won't be able to bypass the passcode lock and access all your images and contacts using the method outlined above. Then once Apple comes up with a permanent fix, you'll be able to re-enable Siri at the Lock screen once again.