Ask Siri to bypass your passkey on Apple iOS v9.0, v9.1 & v9.2.1

Update: Multiple people have disproved this. It looks from the video that he might be using TouchID instead. So its not a bypass at all.

Original Post follows:

Four new ways to bypass the Passkey lock for iOS versions have just been released by Benjamin Kunz Mejri of Vulnerability Lab. Full write up here

Just ask Siri to do it.

The first and second passkey bypass works on iPhone models: 5, 5s, 6 and 6s. Both bypass use the Siri interface with different methods. The first uses appstore link it (She?) gives you, and the second uses 'Timer' module button on the bottom.

The third bypass only works on iPads and the weather app needs to be disabled by default.

The fourth bypass affects every version stated here, iPhones (5, 5s, 6 & 6s) and iPads (1 & 2) but also needs the weather app disabled.

All of the bypasses share a common trait in that you have to open a "restricted browser window" and then you click on updates and open the last app or push the home button twice to let the task slide preview appear. Then choose the active front screen task.

How to secure your device: turn off Siri!

The vulnerabilities can be temporarily patched by hardening of the device settings. Deactivate in the Settings menu the Siri module permanently.

  • Deactivate also the Events Calender without passcode to disable the push function of the Weather Channel LLC link.
  • Deactivate in the public control panel with the timer and world clock to disarm exploitation.
  • Activate the weather app settings to prevent the redirect when the module is disabled by default in the events calender.
  • And wait for Apple to publish a fix for this.

Example of the first bypass to replicate:

  1. Take the iOS device and lock the passcode to the front
  2. Open Siri by activation via Home button (push 2 seconds)
  3. Ask Siri to open a non existing App
    Note: "Open App Digital (Öffne App Digital)
  4. Siri responds to the non existing app and asks to search in the appstore
  5. Now, and "open App store" button becomes visible to push (do it!)
  6. A new restricted browser window opens with the appstore buttom menu links
  7. Click to updates and open the last app or push twice the home button to let the task slide preview appear
  8. Now choose the active front screen task
  9. Successful reproduce of the passcode protection bypass vulnerability!

(Full disclosure, I have not tested this, as I do not personally own an iPhone, I am just sharing what has been posted online, to keep everyone informed of ways to improve their security. If this bypass works, please let me know in the comments)

Tim Coombs

Administrator of Slowb.ro and world leader of my own mind, the only place our ideas and thoughts are our own in a world gone mad

In a terminal https://slowb.ro

Subscribe to Slowb.ro's Blog

Get the latest posts delivered right to your inbox.

or subscribe via RSS