Apple Under Security Scanner; iPhone 6S Security Hole Lets Attackers Access Contacts, Photos








5 April 2016, USA: It might have taken the FBI quite some time to find a way to unlock a shooter’s iPhone 5C, but it turns out to be trivially easy to access contacts and photos stored on the company’s newest flagship, the iPhone 6s.

The trick makes use of Siri and Twitter, and as the owner of a 6s I’ve been able to test this method myself, and can confirm not only that it works, but also that it’s very simple to implement.

It does require the use of 3D Touch, so if you have an older iPhone you don’t need to worry.

To use the trick, discovered by Jose Rodriguez, you just need to launch Siri from the lockscreen and ask her to search Twitter for an email address. Using a phrase like “Hey, Siri, what’s trending on Twitter with an email address?” worked for me. Once one is found, press down hard on the address to call up the 3D Touch context menu from which you can create a new contact or add to an existing contact.

Not only does this give the attacker access to all of your contacts, but if the Contacts app has permission to access the iPhone’s photo library, they can then also explore your snaps by adding a photo to a new or existing contact.

Users can protect themselves from having their photos accessed with the lockscreen bypass by simply denying Siri and the Contacts app access to their photos within the iPhone’s Privacy settings. Preventing access to contacts through the flaw, however, requires disabling Siri while the iPhone is locked, within the Touch ID and Passcode settings.
