New iPhone Bug Lets Anyone Grab Your Private Photos
A new VoiceOver bug lets anyone with physical access to your locked iPhone grab all your photos and send them over the Messages application.
An iOS user has found a fairly simple way to access the photo album of a locked iPhone, select photos and send them to anyone using Apple Messages. The passcode bypass requires about a dozen steps, as demonstrated in a video posted on YouTube.
The bug is similar to one discovered in late September, which let anyone with physical access to your iPhone see your contacts and their associated photos in iOS 12. That bypass was patched in the iOS 12.0.1 update released last week, but this new one works in 12.0.1 and will likely require a new update to patch.
Until Apple fixes this bug, you can avoid this issue by going to Touch ID & Passcode in Settings to disable access to Siri when your phone is locked. Because nearly all of the passcode bypasses we've seen in the past years have involved Siri, we recommend that you disable Siri from the lockscreen permanently.
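For managed iPhones, the same mitigation can be enforced through a configuration profile rather than set by hand. The following is an added example, not part of the original article: a Python check that an unsigned profile's Restrictions payload sets `allowAssistantWhileLocked` to false. The sample profiles, identifiers and UUIDs are constructed placeholders.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Apple's Restrictions payload type
SIRI_LOCKED_KEY = "allowAssistantWhileLocked"      # if absent, Siri stays available when locked


def siri_blocked_on_lock_screen(profile_bytes: bytes) -> bool:
    """Return True only if a Restrictions payload explicitly sets the key to False.

    Assumes an unsigned (plain plist) .mobileconfig; a CMS-signed profile
    must be unwrapped before it can be parsed here.
    """
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue  # Wi-Fi, passcode, etc. payloads do not carry this key
        if payload.get(SIRI_LOCKED_KEY) is False:
            return True
    return False


def build_profile(restrictions: dict) -> bytes:
    """Build a constructed sample profile; all identifiers are placeholders."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.lockscreen.profile",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadDisplayName": "Lock screen hardening (sample)",
        "PayloadContent": [{
            "PayloadType": RESTRICTIONS_TYPE,
            "PayloadVersion": 1,
            "PayloadIdentifier": "example.lockscreen.restrictions",
            "PayloadUUID": "00000000-0000-0000-0000-000000000002",
            **restrictions,
        }],
    })


# Constructed samples: one profile that never mentions the key, one that disables it.
WEAK = build_profile({"allowCamera": True})
HARDENED = build_profile({SIRI_LOCKED_KEY: False})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "-> Siri blocked on lock screen:", siri_blocked_on_lock_screen(blob))
```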
Both bugs, discovered by Spanish amateur researcher José Rodríguez, require physical access to an iPhone. However, this latest one is easier to perform than the bug from two weeks ago, which took 37 steps to pull off. The new one requires much less effort and basically leaves any iPhone user vulnerable to a nosy friend or spouse who could access the phone's photo album and grab private pics.
Here’s how the bypass works, according to Rodríguez’s video:
- Call the target phone from any other phone.
- Instead of answering the call, click on "Message" in the call window.
- Select "Custom" to reply via text message. That will open the Messages input screen.
- Invoke Siri to activate VoiceOver, the iOS feature that helps sight-impaired users use an iPhone.
- Click on the camera icon.
- Invoke Siri with the iPhone’s home button while you double-tap the display. The screen will turn black. This is where the bug kicks in and iOS gets confused.
- From here, click on the home button again while the screen remains black.
- Swipe up to the upper left corner while the screen remains black. VoiceOver will tell you what you have selected.
- Keep swiping to the top left corner until VoiceOver tells you that you can select the Photo Library ("Fototeca" in Rodríguez's video).
- Tap to select Photo Library.
- After selecting the Photo Library, iOS will take you back to the message screen, but you'll see a blank space where the keyboard should be. The blank space is actually an invisible Photo Library.
- Click on the shelf handle on top of the blank space to activate the Photo Library.
- Now you only have to swipe and double tap to start grabbing photos. Each photo will be pasted in your input field, ready to be sent to any number.
Activating this bug will take some practice to get the timing right, but if you have long-term access to an iPhone, you can try as many times as you like. Once you are in, it’s easy to grab any photos.
Jesus Diaz founded the new Sploid for Gawker Media after seven years working at Gizmodo, where he helmed the lost-in-a-bar iPhone 4 story and wrote old angry man rants, among other things. He's a creative director, screenwriter, and producer at The Magic Sauce, and currently writes for Fast Company and Tom's Guide.

