Another flaw plagues the new Apple iPhone 6s and 6s Plus, this time the mobile devices are affected by a Lockscreen Bypass vulnerability that could be exploited by local attackers to access photos, sms, mms, emails, phone app, mailbox, phone settings or access to other default/installed mobile apps.
The vulnerability was discovered by the security firm Vulnerability Lab which reported the issue to Apple in mid-March, but it decided to disclose it last week after the release of the iOS 9.3.1 that hasn’t fixed the problem.
We have read about similar flaws in the past, also in this case the attackers can access data stored on a locked iPhone 6s by using Siri (Speech Interpretation and Recognition Interface) assistant. The attacker can use Siri to conduct an online search for email addresses via Twitter or other mobile app installed on the iPhone 6s, in this way he can bring up a context menu by pressing deeper on one of the email addresses returned by the query.
At this point, the iOS shows a menu that could be used by the attacker to create or update contacts by accessing the entire list of contacts stored on the iPhone 6s. At this point, the attacker can add a photo to that contact by accessing it, a trick that gives it the access to the photos stored in the device.
“A passcode bypass vulnerability has been discovered in the official Apple iOS v9.3.1 for iPhone 6S & iPhone Plus models. The vulnerability allows local attackers to bypass the physical device protection mechanism of the iphone 6s and plus models.” state the advisory published by the Vulnerability Lab. “The security risk of the passcode bypass vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.1.”
What happens if the attacker search for an email address that already exists in the contact list?
No problem, the attacker can access options that allow him to send SMS messages and emails anyway.
Below a video PoC of the hack:
The above bypass technique only works on iPhone 6s and 6s Plus phones because it relies on the recently introduced 3D Touch feature which allows users to access various functions of the iPhone with a pressure on the display.
Waiting for a fix let me suggest you to disable Siri or restrict it the access to user data.
(Security Affairs – iPhone 6s, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.