iOS 9 Hack: How to Access Private Photos and Contacts Without a Passcode

 

Setting a passcode on your iPhone is the first line of defense to help prevent other people from accessing your device.

However, it's pretty easy for anyone to access your personal photographs and contacts from your iPhone running iOS 9 in just 30 seconds or less, even with a passcode and/or Touch ID enabled.

Just yesterday, the Security firm Zerodium announced a Huge Bug Bounty of 1 Million Dollars for finding out zero-day exploits and jailbreak for iPhones and iPads running iOS 9. Now...

A hacker has found a new and quite simple method of bypassing the security of a locked iOS device (iPhone, iPad or iPod touch) running Apple's latest iOS 9 operating system that could allow you to access the device's photos and contacts in 30 seconds or less.

Yes, the passcode on any iOS device running iOS 9.0 is possible to bypass using the benevolent nature of Apple’s personal assistant Siri.

Here's the List of Steps to Bypass Passcode:

You need to follow these simple steps to bypass passcode on any iOS device running iOS 9.0:

1. Wake the iOS device and Enter an incorrect passcode four times.
2. For the fifth time, Enter 3 or 5 digits (depending on how long your passcode is), and for the last one, press and hold the Home button to invoke Siri immediately followed by the 4th digit.
3. After Siri appears, ask her for the time.
4. Tap the Clock icon to open the Clock app, and add a new Clock, then write anything in the Choose a City field.
5. Now double tap on the word you wrote to invoke the copy & paste menu, Select All and then click on "Share".
6. Tap the 'Message' icon in the Share Sheet, and again type something random, hit Return and double tap on the contact name on the top.
7. Select "Create New Contact," and Tap on "Add Photo" and then on "Choose Photo".
8. You'll now be able to see the entire photo library on the iOS device, which is still locked with a passcode. Now browse and view any photo from the Photo album individually.

Video Demonstration 

You can also watch a video demonstration (given below) that shows the whole hack in action.  

 

It isn't a remote flaw you need to worry about, as this only works if someone has access to your iPhone or iOS device. However, such an easy way to bypass any locked iOS device could put users personal data at risk.

How to Prevent iOS 9 Hack

Until Apple fixes this issue, iOS users can protect themselves by disabling Siri on the lock screen from Settings > Touch ID & Passcode. Once disabled, you’ll only be able to use Siri after you have unlocked your iOS device using the passcode or your fingerprint.

 

When a 'Hacker News' Reader Tricked Me into visiting this Amazing Site (Don't Click at Work)

 

My usual bed routine is to check comments under my articles before I go to sleep. The same I was doing last night, but something weird happened to me.

Someone posted a mysterious short link without any text below one of my articles on our official 'The Hacker News' Facebook Page, and with the curiosity to check that link I visited that website. And what I saw…

One by one my every single account I logged in into my web browser got automatically logged out just in few seconds in front of my eyes.

This is exactly what Super Logout does.

Log Out All Your Accounts in Just One Click

Yes, Super Logout – a website that logs you out of over 30 major Internet services just in one click.

You can visit 'Super Logout' here. (Note: Once clicked, this will log you out instantly from all your online accounts and don't worry it is neither harmful, nor malicious)

This is a great tool for people who:

• Usually visit Internet Cafes for surfing Internet
• Surf the Internet using public Wi-Fi
• Use computers in office, libraries or PCs other than their own
• Have an odd habit of logging out of all their online accounts at the end of each day

Superlogout website is one that will make your logging out process very simple if you use multiple accounts in one browser and want to simplify the process.

Going through the source code of the web page, I found that the website is using a simple JavaScript code that loads the logout URLs of all below mentioned Online Services and deletes your login sessions.

Here's the List of Online Services Super Logout Logs Out  

As soon as you visit Superlogout, it will automatically start logging you out one by one of a few dozen major services including:

• Amazon
• Google
• GitHub
• Gmail
• YouTube
• DropBox
• WordPress
• Skype
• Dozons more…

Despite the Superlogout developer has not included Facebook and Twitter in the list, it is a quick way to logout of many websites at once. And we hope to see Facebook and Twitter in a future update.

Beware! Facebook UnfriendAlert Software Steals Your Account Password

 

 

Thousands of Hacked WordPress Sites Abused to Infect Millions of Visitors

 

A Large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild.

WordPress, a Free and Open source content management system (CMS) and blogging tool, has been once again targeted by hackers at large scale.

Researchers at Sucuri Labs have detected a “Malware Campaign” with an aim of getting access to as many devices they can by making innumerable WordPress websites as its prey.

Why Companies Are Still Unprepared for the EMV Transition

 

 

 

How to Leverage from your Competitor’s Success

 

 

D-Link Accidentally Publishes Its Private Code-Signing Keys on the Internet

D-Link Accidentally Publishes Its Private Code-Signing Keys on the Internet

It's not every time malware creators have to steal or buy a valid code-signing certificate to sign their malware – Sometimes the manufacturers unknowingly provide themselves.

This is what exactly done by a Taiwan-based networking equipment manufacturer D-Link, which accidently published its Private code signing keys inside the company's open source firmware packages.