How hard is it to bypass an iPhone's lock screen and access the photos and contacts on it even if you don't know the password? If you ask the FBI, it's pretty tough.
But a new bug, that works with the latest version of iOS (9.3.1) and the iPhone 6S and 6S Plus, lets you do just that by tricking Siri into letting you in.
The procedure on how to do that was first posted on YouTube on Spanish, by a user called videosdebarraquito, but YouTuber EverythingApplePro posted a more detailed video in English, below.
The trick includes invoking Siri on a locked iPhone 6S or 6S Plus, asking her to perform a Twitter search, finding a tweet that contains an email address, and then using the phone's 3D Touch capabilities to enter either into the phone's contacts or photos.
This only works in certain conditions -- most importantly, you need to have a 3D Touch enabled device. Also, your Siri needs to be integrated with Twitter and your Photos app (these can be configured in Settings -- Twitter and Settings -- Privacy -- Photos). We suspect many heavy Siri users might have these settings enabled, but it means that this trick will definitely not work on everyone's iPhone.
We've tested this trick ourselves and have managed to replicate it on an iPhone 6S, but only when the settings mentioned above were enabled.
While this is not the same as actually unlocking the phone, iPhone security should definitely prohibit unauthorized access to the phone's contacts, photos and videos, making this bug quite a serious one.
The apparent security flaw has been posted mere days after the launch of iOS 9.3.1 which fixed a bug that caused iPhones to freeze when a link was clicked.
We've contacted Apple about the issue and will update this article when we hear from them.
Have something to add to this story? Share it in the comments.