A recently discovered flaw in iOS 9 could allow a person to view any Apple device's contacts and photos without entering the proper passcode.
An uploaded video from Jose Rodriguez showed him entering the wrong PIN four times. He then tried a fifth time, but instead, only typed three numbers and then held down the home button. This activated Siri, at which point he asked "her" for the time. When she answered, he navigated to the phone's Search and Share function and continued clicking through to ultimately access and message contacts, view the user's contacts and browse photos.
The photos, for instance, are exposed when navigating to add a new contact. From there, the unauthorized user can click to add a photo to a contact, thereby leading to the phone's gallery.
Rodriguez suggests disabling Siri as one way to falling victim to the workaround.