Page 2 : iOS 9 Siri Bug, Touch ID & Assistive Touch, The FBI
iOS 9 Siri Bug
The source of SoFlo’s iPhone unlocking hack is really the iOS 9 Siri bug that was revealed right after iOS 9 was released on September 16, 2015. Here are the steps to exploit that bug :
- [adrotate banner=”4″]In the Lock screen, key in an incorrect passcode a few times.
- On the last attempt, invoke Siri immediately.
- Ask Siri for the time, and click to add a new Clock.
- Type in a random word in the Choose a City search field.
- Select the random word and Share it as a Message.
- Once in the Message app, you can access the entire Photo Library.
- You can also select Create New Contact to access the Contact List.
Note the initial step of keying in an incorrect passcode a few times. It is this initial step that is (likely) allowing some users to successfully replicate the exploit. SoFlo did not mention that in his video. So even if we assume he was using an iOS 9 device, how did he even exploit the bug?
More importantly, the iOS 9 Siri bug only allows you to access the device’s Photo Library and Contact List. It does NOT allow you to go to the Home screen, and basically access the device in its entirety. Yet SoFlo demonstrated that his hack allows him to access the Home screen. How is that possible?
The simplest explanation is that SoFlo didn’t actually hack the iPhone. As we demonstrated in our proof video, triggering Touch ID is the only guaranteed way to properly replicate everything he did.
Touch ID & Assistive Touch New!
If you watch our proof video carefully, you will note that we not only used the pen to trigger Siri, we also used it to get out to the Home screen. This is because Touch ID is active AT ALL TIMES. In one instance, we chose to use the Assistive Touch shortcut, instead of the physical Home button. We did this to avoid activating Touch ID.
In other words, those of you who may have taken the precaution of calling Siri using a pen, or with your finger covered with cloth, may have activated Touch ID anyway when you pressed on the Home button later in the “hack”. To be sure you are not activating Touch ID, either disable it completely, or use a pen to press on the Home button at all times, or use Assistive Touch.
Relevance To The FBI
SoFlo’s mocking of the FBI is deliberately designed to trick you into making his hoax video go viral. Who would pass up a chance to thumb their noses at the FBI? 😀
But let’s consider the likelihood that the iOS 9 Siri bug would be of any use to the FBI, in their efforts to gain access into the Apple iPhone 5C (the same model we used in our proof video) used by one of the two shooters in the 2015 San Bernardino attack.
This bug was fixed in iOS 9.0.1, released just one week later on September 23, 2015. The San Bernardino attack happened on December 2, 2015. It is more than likely that the Apple iPhone 5C used had already been patched. By December 2, Apple had already released 2 minor updates and one major update :
- iOS 9.0.1 – September 23, 2015
- iOS 9.0.2 – September 30, 2015
- iOS 9.1 – October 21, 2015
We do not have any information on the exact iOS version the San Bernardino iPhone 5C is using. But considering the efforts the FBI have gone into forcing Apple into installing an exploit to gain access to that device, it has likely been patched against the iOS 9 Siri bug. Needless to say, the exploit will not work if Siri was disabled.
Incidentally, if SoFlo actually discovered an exploit that actually unlocked an iPhone without the passcode or Touch ID, he would have taken it to the FBI. The publicity he would have earned from that act would be worth far, FAR more than spreading a viral video.
Think about it.[adrotate banner=”5″]