You might want to wait before downloading the latest version of Apple’s operating system for iPhones.
If you own an iPhone 6S or 6S Plus and have upgraded to iOS 9.3.1, other people can access your contacts and photos without entering a passcode to unlock the phone. It’s an elaborate and finicky but nonetheless startling loophole.
The vulnerability is particularly surprising coming from the privacy-conscious Apple, which has been fighting the US government to protect the security of its phones. Apple didn’t immediately respond to a request for comment.
An anonymous iOS tinkerer videosdebarraquito discovered the issue and documented it in a video on YouTube, which was first reported by the Daily Dot. We independently tested the method and found that it works.
If you want to access someone’s private information on an up-to-date iPhone 6S or 6S Plus without a passcode—which we do not recommend—here are the steps:
- Start Siri, or say, “Hey Siri.”
- Ask Siri to search Twitter
- When Siri asks what to search for, tell her the end of any email address, like “@gmail.com”
- Find a tweet in the results with a full email address
- Click on that tweet
- Using the 3D Touch function on the phone, hard press on the email address
- Swipe up and click “Add to existing contact”
- You’ll then have access to all of that phone’s contacts
Alternatively, if you choose “Add new contact,” you can click on the photo box that pops up, and scroll through all the photos on that phone. Note that these steps only work on newer iPhones with Apple’s 3D Touch feature.