Twitter Siri passcode bypass

A new iPhone 6s/6s Plus passcode bypass flaw is making its rounds on the internet today, and it’s similar to flaws we’ve seen in the past on iOS. Don’t be overly alarmed, though, as the odds of this happening to you are slim. Besides, if you are concerned, there are some bonafide ways to go about protecting yourself.

The bypass only works on the iPhone 6s and iPhone 6s Plus, because those devices feature 3D Touch, which is used for this particular variant of the passcode bypass trick. The flaw is present in the latest iOS 9.3.1 update.

Here’s how to test the passcode bypass

Step 1: Lock your device.

Step 2: Invoke Siri and say “Search Twitter”.

Step 3: Once Siri asks what to search for, say: “at-sign yahoo dot com” or any other popular email domain. The goal is to find a tweet containing a valid email address.

Bypass passcode siri twitter

Step 4: Once the search results are returned, tap on a tweet with a valid email address.

Step 5: 3D Touch the email address to bring up the contextual menu.

Step 6: Tap Create New Contact → add photo in order to view the photos on device. You may be asked to give Siri access to the Photo Library. You can also view contacts on device by use the Add to Existing Contact option instead.

Video walkthrough

How to protect yourself

Protect photos

Protect photos Siri

You can disable Siri access to photos, which will prevent people from using the Create New Contact → add photo option mentioned above in step 6. To do so, go to Settings → Privacy → Photos and disable the Siri switch. This setting may only appear if you’ve already given Siri access to your photos as outlined in step 6 above. Unfortunately, this won’t prevent people from seeing your contacts, so if this is a concern, see the alternative security method below.

Disable Siri on the Lock screen

Disable Siri on Lock screen

You can outright disable access to Siri from the Lock screen, stopping this passcode bypass method before it even begins. To do so, go to Settings → Touch ID & Passcode and disable the Siri switch under the allow access when locked heading. This is the more drastic step that eliminates the ability to use Siri altogether while at the Lock screen, so understand the consequences that this could have on your workflow.

You can also rest easy knowing that if your iPhone reboots or encounters a Touch ID grace period time out, you’ll need to verify your passcode before using Siri. Chances are, you’ll never have to worry about your privacy being breached by means of this bypass. That said, you should be aware that such a thing exists, and more importantly, how to go about protecting yourself should the need arise.


FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Jeff Benjamin

Jeff produces videos, walkthroughs, how-tos, written tutorials and reviews. He takes pride in being able to explain things in a simple, clear and concise manner.