Apple just released iOS 9.0.2.
This new version claims to close the well-publicised Lock screen hole that lets anyone view and edit your contacts, send text messages, and rummage through your photos – without entering your passcode.
If you had an iOS 9 or 9.0.1 device with Siri accessible from your lock screen, you were vulnerable regardless of the type or length or your passcode, and regardless of whether you had turned on TouchID.
We tried the trick on an iPhone running iOS 9.0.1 and confirmed that it worked with a 6-digit numeric and 8-digit alphanumeric passcode.
So, we decided to try it again with iOS 9.0.2.
We tested on an iPhone 6 (the same device used in our previous tests) running the newly-released 9.0.2, again with both a 6-digit numeric and an 8-digit alphanumeric passcode.
Good news: it seems that Apple removed a link in the chain to stop this hack from working, because we weren’t able to skip the passcode and get at contacts and photos as we had before.
Despite the fix, however, we still recommend that you turn off Siri on the Lock Screen.
The more features you have available from your Lock screen, the less locked your Lock screen becomes, and the more that could go wrong.
And Siri has been associated with Lock screen trouble before, so here’s how to turn her off.
How to disable Siri on the lock screen
Go to Settings | Touch ID & Passcode, and under Allow Access When Locked, toggle Siri off:
Some other settings you may want to consider while you’re about it, as configured in the screenshot above (yes, that’s a Naked Security iPhone):
- Set Require Passcode to Immediately.
- Turn off everything you can under Allow Access When Locked.
- Enable Erase Data after 10 failed passcode attempts.
How to turn Siri off altogether
You may want to go all the way, and turn Siri off altogether.
Go to Settings | General | Siri and toggle to off:
Source: nakedsecurity.sophos.com
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.