If you sometimes let Siri tweet for you, your iPhone’s private contacts and pictures may not be as secure as you think.
Videos of an apparent bug in Apple’s latest software update to the iPhone’s operating system reveal a way to bypass the device’s passcode and get access to the photo library and contact list, if the spy knows the right series of simple steps to get there.
Not everybody’s iPhone is at risk. The loophole only works on iPhone 6s and iPhone 6s Plus phones, which have a screen technology called 3D Touch that reacts to different levels of finger pressure.
And not everybody with that generation of iPhone is exposed. You’re only at risk if you’ve already allowed Siri, Apple’s voice command assistant, to have access to your Twitter account.
But if your phone falls into those groups, then anybody can bypass your lock screen to reach pictures and contacts. A hacker must ask Siri to search Twitter for an email domain like Gmail. By tapping on a tweet with an address and using 3D touch on the email to bring up an additional menu, the hacker can select “Add to existing contacts” to get the full contact list. Clicking on the option to “Choose photo” ushers the user into the device’s photo library.
There’s a simple way to protect your iPhone’s nude selfies from prying eyes: Don’t take nude selfies.
But barring that, you can disable Siri on your lock screen by adjusting the setting under “Touch ID & Passcode,” scrolling down and toggling Siri off.
Apple didn’t respond to TheWrap’s requests for comment, but the company traditionally has been quick to fix bugs like these once they’ve been publicized online.