iOS 9.3.1 bug lets anyone see iPhone’s photos and contacts via Siri

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

A bug in the new version of iOS could offer anyone access to a phone’s photos and contacts.

The slightly complicated trick uses an apparent glitch in the way that Siri works to get access to some of the phone’s most sensitive information.

The trick is done by heading to Siri and asking the personal assistant to search Twitter. Doing so with the right terms can bring up contacts data, like an email address or phone number, and the 3D Touch feature can then be used to bring up a menu allowing people to use that data.

Clicking on the “Add to Existing Contact” option within that menu allows people to get into the contacts app, and scroll through any information that might be stored in there. And from there users can click to change the photo of a given person, which brings up the photo library and allows people to look at any picture.

Because the bug relies on 3D Touch, which is only supported on the iPhone 6s and 6s Plus, it can only be done on those phones. It also appears only to work on iOS 9.3.1, the newest version of Apple’s operating system for iPhones and iPads. And the user must already have given Siri access to the Twitter account and the other apps that are used.

That means that the bug can be at least temporarily fixed by limiting access to the relevant apps. By heading to Settings and then Twitter, Siri’s access to the app can be cut off, and the assistant can be kept from accessing photos by going to the Privacy settings and heading to Photos.

The bug isn’t the first time that Siri has been used to get into some parts of the phone, and another was found in September by the same person, Jose Rodriguez. Such tricks have even become so popular that they have been the subject of hoaxes by people attempting to use them to get in – including a highly popular workaround released last month that actually just showed people accidentally using the phone’s fingerprint sensor.