The whole point of having a passcode associated with your iPhone’s lockscreen is to prevent unwanted access to your phone’s contents. In fact Apple kind of doubled security when they introduced Touch ID. Unfortunately it seems that due to a recently discovered flaw in iOS 9, hackers who get their hands on your phone can bypass the lockscreen entirely.
The bad news is that this flaw seems to have been discovered after Apple issued the iOS 9.0.1 update, meaning that even if you have updated your phone is still susceptible to the flaw. So how does this work? Basically it requires the hacker to enter wrong passcode multiple times. Upon the last time, a combination of precise timing and the launch of Siri will allow the hacker to access your phone.
The access appears to be limited. For example in the video above, it shows how the hacker can only access the Messages app. However within the app, they can then access your contact information as well as photos. For users who like to store personal information in their contacts, like bank account numbers, social security numbers, maybe even passwords, this is bad news.
Photos can also be accessed so any sensitive information they find can be sent to the hacker’s phone as well. There is a temporary fix for this problem which is to disable Siri access from the lockscreen, so if you want to play it safe, perhaps you should do that until Apple issues a fix for it.