Skip to main content

Researcher claims to bypass iPhone security limits, but may have spoken too soon

iphone x notch
Julian Chokkattu/Digital Trends

For a brief moment, it seemed as though a security researcher had found a way to get past the security limits on iPhones and iPads by entering an infinite number of passcodes in order to hack into a device. The purported vulnerability was apparently even present in the latest version of iOS, 11.3, but Apple has now pushed back on these claims, and the researcher also appears to be backtracking on his initial findings.

When attempting to access a locked iPhone or iPad, users generally have a set number of passcode attempts to make before being locked out. You can even set your Apple device to automatically erase its contents if a hacker continuously attempts to guess your passcode. But according to Hacker House cybersecurity firm co-founder Matthew Hickey, if an iDevice is plugged in and a hacker tries to send keyboard inputs, it sets off an interrupt request that supersedes all other commands on the device. This, Hickey said, would allows hackers to send every single possible passcode combination in a single string, and because it wouldn’t give Apple’s software any respite, the inputs would take priority over any data-erasing security feature.

Recommended Videos

“Instead of sending passcode one at a time and waiting, send them all in one go,” Hickey explained. “If you send your brute-force attack in one long string of inputs, it’ll process all of them and bypass the erase data feature.”

Please enable Javascript to view this content

However, Apple’s spokesperson countered these claims, noting simply, “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.”

And a bit later, Hickey seemed to concede that his method may not have been entirely accurate. In a tweet, the security researcher explained that not all of the tested passcodes are ultimately sent to an iPhone or iPad’s secure enclave, which is responsible for guarding against these sorts of attacks.

“The [passcodes] don’t always go to the [secure enclave processor] in some instances — due to pocket dialing [or] overly fast inputs — so although it ‘looks’ like pins are being tested, they aren’t always sent and so they don’t count, the devices register less counts than visible,” he noted.

Hickey said that when he attempted to verify his methods, he found where he may have gone wrong: “I went back to double check all code and testing. When I sent codes to the phone, it appears that 20 or more are entered but in reality it’s only ever sending four or five pins to be checked.”

In any case, Apple will soon be debuting another security feature called USB Restricted Mode, which should make it much more difficult for folks to access an iPhone or iPad.

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Some iPhone users report overheating when using Apple Intelligence
The Nomad Magnetic Leather Back on the iPhone 16 Pro Max

After a long wait, iOS 18.2 has finally rolled out to the public at large and unlocked more Apple Intelligence features like Image Playground, Genmoji, and an upgraded Mail app. It might have also introduced a way to keep your hands warm on these frosty winter days, according to some users.

Reddit user u/dsdxp posted on the iPhone subreddit that they had unlocked a secret feature in the iPhone 16 Pro. The comment was obviously sardonic, but many other users responded with their own stories of troubling temperatures from their iPhones. The common element between all of the stories was the Image Playground app and the excessive heat it creates while in use.

Read more
Apple is about to stop selling multiple iPhones in Europe. Here’s why
The iPhone 14 Plus held in a man's hand.

The iPhone SE and iPhone 14 series will no longer be available for purchase in Europe at the end of the year. In an effort to make technology more consumer-friendly, the European Union ruled that any mobile device sold must be able to charge through USB-C, according to iGeneration. While more modern entries in Apple's lineup already meet those guidelines, the iPhone SE and iPhone 14 do not.

These aren't the newest additions to Apple's lineup, but the iPhone SE and the iPhone 14 series are still sold in Europe. These will be pulled from shelves as the deadline approaches. Customers have plenty of options, but this decision will leave the European market without an iPhone SE option until the next model releases in 2025.

Read more
Apple’s mysterious iPhone 17 Air is one step closer to becoming a reality
A render of the iPhone Air.

For months, rumors have indicated that Apple plans to remove the iPhone Plus from the 2025 iPhone 17 lineup, and replace it with an entirely new model that might be called the “iPhone 17 Air.” A new report suggests that this phone is now closer to becoming a reality.

According to Digitimes, the new phone has entered the initial stage of manufacturing, known as the new product introduction (NPI) phase. At this stage, Apple and its manufacturing partners finalize a blueprint for creating the phone. It's a significant step in the process.

Read more