Two days ago, Zerodium Security had announced a bug bounty for 1 Million Dollars for finding hacks for iPhone and iPads. The zero-day Acquisition Firm encourages bug hunters, researchers and hackers to discover flaws and exploit Apple’s iOS 9. The attacker must compromise a non-jailbroken iOS device through: A web page, In-app browsing action, text message or MMS.
“The whole exploitation [or] jailbreak process should be achievable remotely, silently, reliably, and without requiring any user interaction except visiting a webpage or reading an SMS [or] MMS,” says Zerodium.
Yesterday, a hacker figured out a simple way to bypass a locked iOS device running iOS 9 that allowed the hacker to access photos and contacts in 30 seconds. To bypass the passcode on any iOS 9 you will be using Apple’s personal assistant Siri.
The first step is to enter an incorrect passcode. As the device locks up after the fifth attempt do it wrongly for four times and as for the fifth enter 3 or 5 digits – this depends if you are using a 4 or 6 digit passcode – and the last digit press it while pressing the home button to activate Siri. Ask Siri for the time and open the Clock application. If you managed to reach this step, everything is simple. Hit the “+” sign to add a new clock and write something randomly. Double tap to select all you wrote and hit share. Choose the Message app and again type something random as the contact. Double tap and select all and choose “Create New Contact”, then select “Add photo” and the entire photo library is at your disposal. Keep in mind that the phone is in lock up mode, yet you are scrolling through pictures and even through contact details.
To protect your iOS device all you have to do is to disable Siri on the lock screen from Settings>Touch ID and Passcode. After you disabled this, you can only use Siri after you’ve unlocked your iOS device.