Skip to main content

Apple fixes bug that let Siri bypass passcode to access Contacts and Photos

Apple has fixed a security flaw that let Siri access Contacts and Photos from the lockscreen for devices running iOS 9 and above.

The vulnerability was discovered by YouTuber Jose Rodriguez, and only affects the iPhone 6S and the 6S Plus as it involves 3D Touch. In the video, Rodriguez initiates a Twitter search via the “Hey Siri” feature, without unlocking the phone. His search of a contact brought up contact information, allowing him to press down on it with 3D Touch to bring up a Quick Actions menu.

Recommended Videos

The Daily Dot found that you can ask Siri to search Twitter for “@gmail.com” or any other second half of an email address to pull up a contact’s informatiom. When you see a tweet with an email address, that’s when you can bring up the Quick Actions menu.

Rodriguez then taps “Add to Existing Contact,” which brings up his entire Contacts list, and he follows that by tapping on a contact and hitting “Add Photo,” which then offers full access to his photo library.

Essentially, Rodriguez shows the flaw could offer someone else using a locked device access to Twitter contact information, your contacts, and your photos. Do note that it’s only possible to access if you have granted Siri access to Contacts, Photos, or Twitter account information.

It also seemed to vary as to whether you can access this Twitter search without providing a passcode — most of the time Siri asked for a passcode, but some times it randomly went ahead with the search.

An Apple spokesperson says the issue was fixed this morning, and the fix is rolling out server side globally.

If you’re still wary, you can turn off Siri’s access to search Twitter by heading to Settings, finding Twitter, and toggling Siri off.

Julian Chokkattu
Former Mobile and Wearables Editor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
Apple could finally fix Siri on iPhones with help from Google’s Gemini
Gemini Live on an iPhone.

“Find me a decent coffee shop where I can sit and get work done?” I uttered into my iPhone’s mic. 

“I’ll need to use ChatGPT to write that.” That was Siri’s response in my interaction with Apple’s voice assistant just over a week ago. Google’s Gemini assistant helped me the way I expected it to. 

Read more
I’m using Perplexity iOS Voice Assistant on my iPhone, and it’s better than Siri
Using Perplexity Assistant on an iPhone.

“Hey Siri, book me a table for four people, 7 PM, at Blue Tokai coffee shop in New Friends Colony.”

“Do you want me to use ChatGPT to answer that?”

Read more
iOS 18.4 bug is bringing old deleted apps back from the dead
iPhone 13 mini updating to iOS 18.4.

If you've seen an old app floating around on your phone that you could have sworn you got rid of months ago -- it's not just you. Users on Reddit and Apple's Community Support forum have been reporting ghost apps trying to reinstall on their phones after updating to iOS 18.4.

Spotted by MacRumors, it appears this bug has started causing old deleted apps to resurface over the past 24 hours. Most of the reports on Reddit seem to be focused on gaming apps such as Call of Duty, Squid Game, Asphalt Legends, and Cooking Mama, though there are a few other app types mentioned as well.

Read more