Skip to content
Naked Security Naked Security

Unlock iPhone without passcode using Siri – video is bogus

FBI, check it out! First, ask Siri what time it is. Then you buy tones from App Store, hop on one foot and bite a chicken's head off.

John the Conqueror root, moss voodoo dolls, racoon penis bones: there are many practices associated with power and prosperity that the FBI presumably hasn’t yet deployed to unlock an iPhone.

Last week, there were two other techniques that went viral.

One combined a software engineer, a hardware engineer, and the very headliney security persona John McAfee, who went on TV to say that the FBI are idiots and that he could get into a locked iPhone in a half hour because the passcode is RIGHT. THERE. In PLAIN. TEXT. (It’s not.)

The second “OMG IF APPLE KNEW THIS AND TOLD FBI THEY COULD HAVE SAVED THE INFO ON THAT PHONE :$” technique was detailed in a YouTube video.

The 35-second clip is called “iPhone Unlock WITHOUT Passcode Glitch *New 2016*” and had been viewed over 440,000 times as of Monday morning, after being uploaded last Thursday, 3 March.

It seems to show a man unlocking an iPhone without knowing the user’s passcode, gaining access by using Siri to ask the iPhone what time it is.

When the phone displays the time, the guy clicks on the Timer option at the bottom of the screen and uses the “When Timer Ends” option to buy more tones from the App Store.

The video says that by tapping the home screen from the App Store, you’ll get taken back to the home screen.

Presto! Unlocked phone.

Cue the “ROFL!” comments, “APPLE #FAIL!”, yadda yadda yadda.

But many commenters did indeed report success unlocking an iPhone with the timer-buy more tones voodoo routine.

Hmm… but only sometimes… and not when they tried it on a friend’s phone… and not when they used another finger, besides their thumb, to access the “buy more tones” button…???

In fact, the viral video fails to make one key aspect clear: by hitting the home screen to activate Siri in the first place, users engage Apple’s Touch ID fingerprint scanner.

Try using anything else – a fingernail, a knuckle, an unfortunate racoon – and it won’t work.

Commenter James Eichbaum1:

Works only if you initiate Siri using your thumb that is tied to security. Then it unlocks in background. Not doing so doesn’t work. Using a different finger, knuckle, whatever, does not work. Post another video using your knuckles and no print to prove me wrong.

No, James Eichbaum1, you are not wrong, as other commenters confirmed.

Even though there’s no visual cue that signals when your fingerprint has been registered, the iPhone is in fact unlocked, albeit in the background.

Trying the process on a locked phone would fail, with the Touch ID scanner keeping you from proceeding to the App Store.

As for John McAfee’s promise to pick apart the iPhone of the San Bernardino terrorist for the FBI, don’t hold your breath on that one.

Do, though, read Ars Technica’s explanation of why the only thing we have to look forward to is Mr. McAfee dining on shoe leather.

Image of iPhone in chains courtesy of Shutterstock.com

22 Comments

I would be willing to bet that McAfee could unlock an iPhone in less than an hour. I know his former company is a competitor of Sophos but please try not to show bias in your article. He may be eccentric and a little crazy but McAfee is probably a better software engineer than anyone on this site. Where there is a will there is a way. Never tell a cracker/hacker that it can’t be done. I would be willing to bet that even I could find a work around eventually. The FBI is grasping for power much like the NSA. This is nothing but an excuse for the FBI to invade privacy. In regards to the video, this may only work with your finger print but it still looks like an exploit to me, if in fact the video is authentic.

Reply

The iPhone 5c that the FBI would like to access doesn’t feature Touch ID, which works almost too fast on iPhone 6 Pluses. The iPhone 5c was also the San Bernardino terrorist’s work phone. The FBI already recovered his personal phone.

Reply

My question is why the hell was an employee allowed to encrypt a company phone with a personal key? There is management software on the market for iphones to prevent employees from doing that.

Reply

They might be able to but, if you hack into a phone using illegal means, one would wonder what the legal ramifications of that might be. Perhaps that gained knowledge from the phone would become unavailable in court. However, if there is a means of access, that was deliberately put in place for law enforcement to do their job, then that would be less likely to be inadmissible.
Frankly, it opens up a massive hole in the security system to have a backdoor, especially if Apple has to keep the key or keys to every single iPhone/Tablet/Computer WHATEVER it’s ever created. What a nightmare.

The FBI/Police need to just do their jobs, and not be so lazy. Go out, do some social engineering, watch The Mentalist, maybe they can get some better ideas.

Reply

Hey, Did apple fixed this issue in iOS 9.2.1 ?? Because I can reproduce this kind of bug still in iOS 9.2.1 as well.

Reply

People are not aware that there are many more than 10 iOS versions. Each main iOS update has multiple minor updates in between. If you got this to work, then you had the exact iOS version to make it work. It was fixed shortly afterward and people are all trying to show their intelligence by denying that it was possible to unlock an iPhone with Siri, but nobody took the time to think that it would be quickly patched.

Reply

Vulnerability Labs posted a video claiming it wasn’t the TouchID firing. They claim they deleted the fingerprint in question, and the vulnerability still existed.

I have no idea if that’s true – that the problem exists independent of the fingerprint being registered – or if it’s a bug where the deleted fingerprint isn’t so “deleted” after all. But the point is that it’s information that should be part of the discussion. Is this truly a screwed up identification of a problem, or has Vulnerability Labs found a genuine problem that’s actually independent of TouchID?

Reply

Folks I know are *not* replicating this. One case in particular was indeed a case of using their TouchID finger, and when they tried with an unregistered one, the vulnerability disappeared.

Practical evidence is leaning towards this not being a true vulnerability, that it’s indeed TouchID. I can’t account for Vulnerability Lab’s claim that they tested things with the TouchID fingerprint deleted. All I can say is that 1. Practical testing is contradicting their claims, and 2. Possibly they’ve discovered a flaw in how TouchID handles deleted fingerprints, but either way, their claim is not holding up with the crowd I’m speaking to.

Reply

Good Day. I just tried this on my IPhone 6 Plus and it works. I have my two thumb prints and my index fingers for my security. I did what the video instructed and it works! So what’s the point of having a passcode on the phone and fingerprints, if anyone can unlock the phone.

Reply

Does not work. To verify just use “Hey Siri” to activate Siri or use a finger you do not have registered with TouchID.

If the when timer ends -> get more button takes you to the store you unlocked the phone with TouchID.

Reply

Not bogus ….. You can do it without tapping on SIRI , You wipe up and set airdrop “contacts only” then hit clock next “flashlight” follow above and your in. No need to touch the touch id.

it also only works on a time issue like when your info is secretly pulling from server.

Reply

Whoever wrote this article is obviously uninformed. There was a point in time when it was definitely possible to unlock an iPhone that was running the early versions of iOS 9. I know this because I did it on two different people’s phones (not including mine). I asked Siri for the time and did all the stuff after that and successfully got into my phone and two others (and no, I did not use the fingerprint scanner. I used a different finger that I didn’t have programmed). But that was fixed in the next iOS 9 update, and that’s when it wasn’t possible anymore. But there were/are plenty of people who are still running iOS 9 and have phones vulnerable to people asking Siri for the time.

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!