iOS bug exposes photos and messages on locked iPhones


photos in ios 10
It's shockingly easy to get into someone's photos.
Photo: Ste Smith/Cult of Mac

Hackers have discovered a new method to unlock photos and messages on any iPhone, thanks to an iOS security flaw that utilizes Siri and VoiceOver.

iPhones running iOS 8 software and newer are vulnerable to the flaw, which was discovered by EverythingApplePro and iDeviceHelp. The group revealed the hack in a new video that shows you don’t need any coding experience or special hardware to pull it off. All you need is a few minutes alone with a victims iPhone and some help from Siri.

[contextly_auto_sidebar] It appears that the hack can even be pulled off on iOS 10.2, which is still in beta. It’s unclear if that means Apple isn’t even aware of the flaw yet. We asked Apple for more info on an impending fix but have not yet received a comment.

The hack requires that you know the victim’s phone number and have access to their phone. If you don’t know their number, you can get it from Siri by asking their phone, “Who am I?”

Here’s how to do the iPhone hack:

1 – Call or FaceTime the iPhone you want to attack.
2 – Press the message icon on the incoming call screen, then tap Custom Message to go to the reply screen.
3 – Activate Siri and say, “Turn on Voice Over.”
4 – On the message screen, double-tap the field for the caller’s name and hold, then immediately click on the keyboard. (It may take a few tries to successfully trigger the slide-in effect).
5 – Tell Siri to “Turn off VoiceOver.”
6 – Go back to Messages and type in the first letter of a caller’s name in the top bar, tap the ⓘ icon next to it, then create a new contact.
7 – You can now select Add photo and choose a photo to view the iPhone’s photo gallery, even though the device is locked.
8 –To view conversations, select any contact on the iPhone during Step 6.

Protecting against the iPhone hack

The good news is that safeguarding your iPhone is even easier than executing the attack. Simply go to Settings >> Touch ID & Passcode and disable Siri on the Lockscreen.

To protect your photos, you can go Settings >> Privacy >> Photos and then revoke Siri’s access to your pics.


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.