Apple fixes Siri passcode bypass flaw and Night Shift + Low Power Mode trick

Early this morning, we told you about a new iPhone 6s passcode bypass vulnerability that allowed handlers to access photos and contact details without needing to verify with a passcode or Touch ID. The Lock screen vulnerability was made possible by Siri, and let users bypass the security provided by the Lock screen passcode and/or Touch ID.

If there’s a positive spin to put on such a vulnerability, it’s that fixes can be implemented server side without the need for an iOS update. Apple today has fixed the passcode bypass method by forcing Siri to request your Lock screen passcode whenever a user tries to search Twitter via Siri while at a secured Lock screen.

If you ask Siri to “Search Twitter” while at the Lock screen, you’ll now receive a response that says “you’ll need to unlock your iPhone first.” Previously, Siri would simply ask what the user would like to search for. The fix, which was apparently implemented sometime today, prevents handlers from accessing sensitive photos or contact information without first entering their passcode.

It also seems that Apple has fixed another bug, one much less nefarious, which let you activate Night Shift Mode while Low Power Mode is enabled. That trick, too, relied on Siri. Now, when you ask Siri to enable Night Shift while Low Power Mode is enabled, you’re met with a response that says: “In order to turn on Night Shift, I’ll have to turn off Low Power Mode. Shall I continue?”

Previously, users were able to enable both Night Shift and Low Power Mode by means of Siri.

Thanks to Gary and Peter for the tips.

Comments

  1. applegetridofsimandjack - 8 years ago

    These security flaws happen way too often.

    • applenthusiast - 8 years ago

      There are so many different variables that Apple has to test as well as rely on the developer community to test. I applaud Apple for issuing a fix so rapidly.

    • Lawrence Krupp - 8 years ago

      Nonsense. Did you actually read the procedure and machinations it took to expose the issue?

    • Rob Miller - 8 years ago

      Spoken like a person that has never written a line of code.

      • Charlypollo - 8 years ago

        So now you must have a bachelor in computing sciences to make a comment about security flaws in a device that I own? K.

      • realgurahamu - 8 years ago

        Charlypollo people learn coding in high school these days and more often even at a younger age. Whether a person has manually coded in swift, html, php, c++, c# or Visual Basic one thing all of them will know is the complexity of debugging – and it is a tremendous chore which always results in misses when you have tens of thousands of lines of code to go through.

        You may own a device but that doesn’t make you knowledgeable when it comes to the processes of programming.

      • tush4r - 8 years ago

        Some people will never get the meaning “No software is 100 percent bug free.”

      • rob nienburg (@robogobo) - 8 years ago

        Actually you only need to have heard of someone who has written a line of code, or just not be a complete jerk wad, to know that there will always be bugs.

  2. sonicsoundvw - 8 years ago

    Why no night shift on low power mode? Does night shift consume extra juice?

    • applenthusiast - 8 years ago

      Doubtful as it only changes the hue of the screen likely just included with the other disabled features erroneously.

    • Charlypollo - 8 years ago

      Well I think it must. Older devices that got the update didn’t get night shift. So there must be some extra processing power required to change the color of the screen.

  3. burlymanbeard - 8 years ago

    Really I can’t believe you people think this was a bypass..it’s the same as the morons who thought they could ask Siri the time to get past the passcode…you are pushing down the home button to activate Siri..if you are using a finger linked to your Touch ID it is automatically unlocking the phone for ease of access. If you were to try this with hey Siri or a finger not linked to Touch ID it would not work and would ask you to unlock your phone.

    • Jeff Benjamin - 8 years ago

      Dude. Did you even watch the video? You couldn’t have. Because if you had, you wouldn’t have commented calling people morons.

    • cerberusthewise - 8 years ago

      Didn’t watch the video did you?

    • chrispylizard - 8 years ago

      Watch the video. Anyone can hold down the home button on your device to activate Siri. Siri works without asking them your passcode or unlocking the device.

      Certain features of Siri are disabled for security reasons until *you* unlock your device.

      This flaw enabled someone to bypass those restrictions; now, that flaw is fixed.

    • realgurahamu - 8 years ago

      Trust me, if it was user error, Apple would be quick to point it out. They are not too shy to accuse people of using their devices wrongly. If Apple acknowledged the bug and fixed it, then it is definitely genuine.

  4. bloodymerzkizzoid - 8 years ago

    Someone must be fired!

  5. rob nienburg (@robogobo) - 8 years ago

    Wait, so Apple can allow Siri to bypass the lock screen server-side? Isn’t that antithetical to the whole encryption argument?

  6. chrisloehr - 8 years ago

    The dev process is the root cause of the flaw. You can make excuse after excuse, but to state that flaws happen because there are too many lines of code to test and debug is unacceptable.

    • realgurahamu - 8 years ago

      no it’s not, it’s normal. If you’re going to think like you just wrote, then you may as well delete any accounts you have online, throw away all your gadgets and technology that you have. All have software which have bugs. That’s the point of OS and firmware updates.

      You will find it impossible to find a piece of tech which uses software which is bug free. Most bugs in any product are only revealed after the public have used the product – because everybody uses their product differently there are many more variables at play than the limited number of employees at Apple (or any tech company for that matter) can freely think of.

      Why don’t you try developing an OS and tell me after 2 years if any bugs were found by anyone other than yourself. Only then do you have the right to judge.

Author

Jeff Benjamin

Jeff is the head of video content production for 9to5. He initially joined 9to5Mac in 2016, producing videos, walkthroughs, how-tos, written tutorials, and reviews. He takes pride in explaining things simply, clearly, and concisely. Jeff’s videos have been watched hundreds of millions of times by people seeking to learn more about today’s tech. Subscribe to 9to5Mac on YouTube to catch Jeff’s latest videos.