iPhone 6s security flaw lets anyone bypass the passcode and access contacts and photos
It might have taken the FBI quite some time to find a way to unlock a shooter's iPhone 5C, but it turns out to be trivially easy to access contacts and photos stored on the company’s newest flagship, the iPhone 6s.
The trick makes use of Siri and Twitter, and as the owner of a 6s I’ve been able to test this method myself, and can confirm not only that it works, but it’s very simple to implement.
It does require the use of 3D Touch, so if you have an older iPhone you don’t need to worry.
To use the trick, discovered by Jose Rodriguez, you just need to launch Siri from the lockscreen and ask her to search Twitter for an email address. Using a phrase like "Hey, Siri, what's trending on Twitter with an email address?" worked for me. Once one is found, press down hard on the address to call up the 3D Touch context menu from which you can create a new contact or add to an existing contact.
Not only does this give the attacker access to all of your contacts, but if the Contacts app has permission to access the iPhone’s photo library, they can then also explore your snaps by adding a photo to a new or existing contact.
You can watch a video of the trick in action (in Spanish) below.
It’s possible to protect yourself from an attacker viewing your photos by denying Siri and Contacts access to your image library. Go to Settings > Privacy > Photos and disable the option there.
You can also prevent access to Contacts from the lockscreen by going to Settings > Touch ID & Passcode and disabling Siri there.
You could, of course, also just ensure that no one picks up and uses your phone without your knowledge.