Skip to main content
  1. Home
  2. Mobile
  3. News

Researcher claims to bypass iPhone security limits, but may have spoken too soon

By
iphone x notch
Julian Chokkattu / Digital Trends

For a brief moment, it seemed as though a security researcher had found a way to get past the security limits on iPhones and iPads by entering an infinite number of passcodes in order to hack into a device. The purported vulnerability was apparently even present in the latest version of iOS, 11.3, but Apple has now pushed back on these claims, and the researcher also appears to be backtracking on his initial findings.

When attempting to access a locked iPhone or iPad, users generally have a set number of passcode attempts to make before being locked out. You can even set your Apple device to automatically erase its contents if a hacker continuously attempts to guess your passcode. But according to Hacker House cybersecurity firm co-founder Matthew Hickey, if an iDevice is plugged in and a hacker tries to send keyboard inputs, it sets off an interrupt request that supersedes all other commands on the device. This, Hickey said, would allows hackers to send every single possible passcode combination in a single string, and because it wouldn’t give Apple’s software any respite, the inputs would take priority over any data-erasing security feature.

Recommended Videos

“Instead of sending passcode one at a time and waiting, send them all in one go,” Hickey explained. “If you send your brute-force attack in one long string of inputs, it’ll process all of them and bypass the erase data feature.”

Please enable Javascript to view this content

However, Apple’s spokesperson countered these claims, noting simply, “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.”

And a bit later, Hickey seemed to concede that his method may not have been entirely accurate. In a tweet, the security researcher explained that not all of the tested passcodes are ultimately sent to an iPhone or iPad’s secure enclave, which is responsible for guarding against these sorts of attacks.

“The [passcodes] don’t always go to the [secure enclave processor] in some instances — due to pocket dialing [or] overly fast inputs — so although it ‘looks’ like pins are being tested, they aren’t always sent and so they don’t count, the devices register less counts than visible,” he noted.

Hickey said that when he attempted to verify his methods, he found where he may have gone wrong: “I went back to double check all code and testing. When I sent codes to the phone, it appears that 20 or more are entered but in reality it’s only ever sending four or five pins to be checked.”

In any case, Apple will soon be debuting another security feature called USB Restricted Mode, which should make it much more difficult for folks to access an iPhone or iPad.

Editors’ Recommendations

Topics
Lulu Chang
Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Google’s Gemini is getting a lot smarter for iPhone users
Using Gemini Deep Research on a smartphone.

Google's Gemini AI just got a major buff for iPhone users with the addition of its Deep Research feature. Google first added this feature to Android devices, but it's dropping in a phased rollout to the iPhone. If you don't yet see this function, give it some time; at the time of writing, it hasn't hit our phones here at Digital Trends yet.

The Deep Research feature "uses advanced reasoning and long context capabilities to act as a research assistant, exploring complex topics and compiling reports on your behalf." This enables Gemini to do comprehensive, in-depth research on nearly any topic, but be warned: the process is not fast.

Read more
The iPhone upgrade cycle is speeding up. Is this the Apple Intelligence effect?
An iPhone showing an Apple Intelligence rendering of Steve Jobs in the Image Playground app.

Apple has expressed hope that Apple Intelligence will accelerate the iPhone upgrade cycle. A new report suggests that the AI software may be achieving this goal, at least by a little bit.

According to the latest Apple Report from CIRP, consumers are trading in their iPhones for newer models at a faster rate. This is encouraging news for Apple since customers have been keeping their phones for longer periods in recent years.

Read more
Apple seeds critical update to guard iPhones from USB hacking tools
Installing iOS 18.3 update on an iPhone 16 Pro.

Apple has released a fresh software update for iPhones and iPads to plug a critical flaw that could allow bad actors to extract data even from a locked device. The company says if granted physical access, an attacker could break past the safety of USB Restricted Mode on the target iPhone or iPad.

The aforementioned guardrail prevents USB accessories from pulling data from an iPhone that has been sitting in a locked state for over an hour. It seems there was an authorization flaw within Apple’s Accessibility framework that could allow an attacker to disable the USB Restricted Mode safety net.

Read more