Skip to main content

Researcher claims to bypass iPhone security limits, but may have spoken too soon

iphone x notch
Julian Chokkattu/Digital Trends

For a brief moment, it seemed as though a security researcher had found a way to get past the security limits on iPhones and iPads by entering an infinite number of passcodes in order to hack into a device. The purported vulnerability was apparently even present in the latest version of iOS, 11.3, but Apple has now pushed back on these claims, and the researcher also appears to be backtracking on his initial findings.

When attempting to access a locked iPhone or iPad, users generally have a set number of passcode attempts to make before being locked out. You can even set your Apple device to automatically erase its contents if a hacker continuously attempts to guess your passcode. But according to Hacker House cybersecurity firm co-founder Matthew Hickey, if an iDevice is plugged in and a hacker tries to send keyboard inputs, it sets off an interrupt request that supersedes all other commands on the device. This, Hickey said, would allows hackers to send every single possible passcode combination in a single string, and because it wouldn’t give Apple’s software any respite, the inputs would take priority over any data-erasing security feature.

“Instead of sending passcode one at a time and waiting, send them all in one go,” Hickey explained. “If you send your brute-force attack in one long string of inputs, it’ll process all of them and bypass the erase data feature.”

However, Apple’s spokesperson countered these claims, noting simply, “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.”

And a bit later, Hickey seemed to concede that his method may not have been entirely accurate. In a tweet, the security researcher explained that not all of the tested passcodes are ultimately sent to an iPhone or iPad’s secure enclave, which is responsible for guarding against these sorts of attacks.

“The [passcodes] don’t always go to the [secure enclave processor] in some instances — due to pocket dialing [or] overly fast inputs — so although it ‘looks’ like pins are being tested, they aren’t always sent and so they don’t count, the devices register less counts than visible,” he noted.

Hickey said that when he attempted to verify his methods, he found where he may have gone wrong: “I went back to double check all code and testing. When I sent codes to the phone, it appears that 20 or more are entered but in reality it’s only ever sending four or five pins to be checked.”

In any case, Apple will soon be debuting another security feature called USB Restricted Mode, which should make it much more difficult for folks to access an iPhone or iPad.

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Your iPhone just got a new iOS update, and you should download it right now
iPhone 15 Pro display with iPhone 15 Pro Max in background.

Apple has just released a new security update, iOS 17.4.1. This comes a little over two weeks after iOS 17.4, which was a big update. iOS 17.4.1 doesn't add any new features, but it's still an important update you'll want to download as soon as you can.

With iOS 17.4.1, Apple states that the update “provides important bug fixes and security updates and is recommended for all users.” Apple doesn’t mention any specifics of these bug fixes, but more details on what this security update addresses may be revealed at a later date.

Read more
You may have to wait a while longer for new iPads
The backs of Apple's iPad Air and iPad Pro, with the tablets place on a table.

Just days ago, the Chinese website IT Home said Apple would announce the launch of its 2024 iPads on Tuesday, March 26. However, Bloomberg's Mark Gurman — who still believes new iPads will arrive this spring — has debunked this rumor. In other words, we'll probably have to wait a little longer for new Apple tablets to arrive.

Gurman had previously stated that Apple's next-generation tablets would arrive in late March or April.  Of the March 26 rumor, Gurman took to X, formerly Twitter, to say it was "not true."

Read more
The DOJ has sued Apple over the iPhone. Here’s what it means for you
The Apple iPhone 15 Pro Max and iPhone 14 Pro seen from the back.

Apple iPhone 14 Pro (left) and iPhone 15 Pro Max Andy Boxall / Digital Trends

If you're reading this article, chances are you have an iPhone. It's also quite likely that your friends and family members also use an iPhone. The iPhone is the smartphone of choice for millions of people in the U.S., and now, the Department of Justice (DOJ) is suing Apple over the iPhone monopoly it has established over the years.

Read more