A new security flaw that was discovered recently lets would-be hackers access your address book and photos, even if you have a password set. It requires a bit of trickery to work, but it’s a bug nonetheless, and one that we suspect Apple will need to fix sooner than later.
In a recent YouTube video posted by “VideosdeBarraquito,” we see the user ask Siri to help him perform a Twitter search. After Siri delivers the results, the user is then able to use 3D Touch to add a contact. It’s at this point that the entire address book is exposed.
If the user continues to create a new contact and decides to add a photo, that’s when the phone’s entire gallery is accessed. All of this can be done using Siri and without ever entering a PIN.
Keep in mind that this bug won’t affect everyone, only folks who have given Siri permission to access Twitter. You should be safe if you’ve never done that. AppleInsider said that the bug also applies to folks who might have WhatsApp tied to Siri. The security flaw currently exists in iOS 9.3.1.