https://www.youtube.com/watch?v=SvzW_d5Q0vg
YouTube user EverythingApplesPro claims to have found a security vulnerability involving Apple’s iOS 8 Touch ID and Passcode. Update: After further testing, we’ve determined that this is almost definitely just Touch ID registering the thumbprint on a hair trigger.
This post originally indicated that the bypass was legitimate, based on incomplete testing on our part. We regret the error and have edited accordingly.
The process detailed in the video seems pretty simple but has a low success rate. Essentially, you ask Siri a question on the lock screen. For example, we used “What’s the weather like tomorrow.” As Siri’s thinking up the answer, press the home button and swipe right and it appears slip past Apple’s iOS 8 security defenses.
The reason it takes so many tries, though, is that the phone appears to actually just be registering the home button press with Touch ID. In our testing, we were able to recreate the process with our own phones with Touch ID turned on; if others used our phones or if Touch ID was off, we couldn’t.
So! While iOS 8.0.1 certainly had its issues, iOS 8.0.2 isn’t as vulnerable as it might appear.
