Exploit Allows Contact and Phone access via a locked iPhone in iOS 9.0.1

Published: September 28, 2015 5:25 PM /


iOS 9

The latest version of Apple's mobile operating system, iOS 9.0.1, released earlier this week. But, there's already an exploit has been found allowing access to photos and more without the unlock code. This is not a full bypass thankfully, so using this exploit only gives someone access to the phones contacts and photos. Keep in mind the chance of someone stumbling upon this is extremely low.


The video above demonstrates the steps that required to complete this bypass. The steps are as follows:

1) Enter in the passcode incorrectly until it disables

2) Hold down the home button for Siri and ask to see the time

3) Press the '+' button to bring up the search feature

4) Use search to get into iMessage

At this point any user can get access to any of the contacts or pictures of the phone.


According to reports this exploit doesn't work on every iOS 9.0.1 device. There is also a simple fix for this bypass and it is to disable Siri's access from the lock screen. To do this you need to follow these simple steps:

1) go to your iPhone settings

2) choose "Touch ID and Passcode"

3)  Enter your lock code

4) scroll down and disable the setting for "Allow access when locked".

Two instances that this doesn't work are for iPhone 6/6+ or if you don't have TouchID enabled. As of this time I have been unable to check for myself on either of these cases.

If any readers of this article have an iPhone 6/6+ feel free to try out the exploit and comment below so that I could update the article.

Quick Take

There are always exploits in any new software released and iOS is no different. The bugs are big but if there is no wide adoption then there is little to worry about. It reminds me a lot of the old bypass to get past the lock in Windows 95.

What do you think of this new exploit in iOS 9? Are you worried about it or do you think it's too obscure to pose any issues?


Have a tip, or want to point out something we missed? e-mail us at [email protected] or join us on Discord!