Skip to main content

Researcher claims to bypass iPhone security limits, but may have spoken too soon

iphone x notch
Julian Chokkattu / Digital Trends

For a brief moment, it seemed as though a security researcher had found a way to get past the security limits on iPhones and iPads by entering an infinite number of passcodes in order to hack into a device. The purported vulnerability was apparently even present in the latest version of iOS, 11.3, but Apple has now pushed back on these claims, and the researcher also appears to be backtracking on his initial findings.

Recommended Videos

When attempting to access a locked iPhone or iPad, users generally have a set number of passcode attempts to make before being locked out. You can even set your Apple device to automatically erase its contents if a hacker continuously attempts to guess your passcode. But according to Hacker House cybersecurity firm co-founder Matthew Hickey, if an iDevice is plugged in and a hacker tries to send keyboard inputs, it sets off an interrupt request that supersedes all other commands on the device. This, Hickey said, would allows hackers to send every single possible passcode combination in a single string, and because it wouldn’t give Apple’s software any respite, the inputs would take priority over any data-erasing security feature.

“Instead of sending passcode one at a time and waiting, send them all in one go,” Hickey explained. “If you send your brute-force attack in one long string of inputs, it’ll process all of them and bypass the erase data feature.”

However, Apple’s spokesperson countered these claims, noting simply, “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.”

And a bit later, Hickey seemed to concede that his method may not have been entirely accurate. In a tweet, the security researcher explained that not all of the tested passcodes are ultimately sent to an iPhone or iPad’s secure enclave, which is responsible for guarding against these sorts of attacks.

“The [passcodes] don’t always go to the [secure enclave processor] in some instances — due to pocket dialing [or] overly fast inputs — so although it ‘looks’ like pins are being tested, they aren’t always sent and so they don’t count, the devices register less counts than visible,” he noted.

Hickey said that when he attempted to verify his methods, he found where he may have gone wrong: “I went back to double check all code and testing. When I sent codes to the phone, it appears that 20 or more are entered but in reality it’s only ever sending four or five pins to be checked.”

In any case, Apple will soon be debuting another security feature called USB Restricted Mode, which should make it much more difficult for folks to access an iPhone or iPad.

Lulu Chang
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Word of notch-less and bezel-less iPhone in 2027 is refusing to die down
The Apple iPhone 16 Pro Max's screen.

In just two years, the world-dominating smartphone will celebrate its 20th anniversary -- and it looks like Apple has big plans for it. Reports from Bloomberg and The Information suggest the company is aiming for a curved and completely bezel-less display with no notches or cutouts for cameras or sensors.

We've already seen plenty of "curved" and "edge-to-edge" displays from manufacturers like Samsung, but current approaches only curve along the left and right edges of the device. Apple, on the other hand, reportedly wants to go all-in with a glass display that curves around all the edges and corners of the phone.

Read more
iPhone 18 Pro once again tipped for a significant design change
A locked iPhone, showing the lock icon at the top of the screen.

Apple is famous for the sleek, minimal design of its products, but sometimes functionality has to trump minimalism. That's been the case with the iPhone's Face ID system, which provides a very convenient and hands-free way to unlock your phone just by looking at it, but which requires a pill-shaped cutout at the top of the screen to work.

Now, though, it's looking like Apple may ditch the cutout but keep the Face ID unlock option by using detectors placed beneath the screen instead. This under-screen Face ID option would mean that only a small cutout would be required in one corner of the screen for the front-facing camera, so the pill cutout could be removed.

Read more
New iPhone 17 Air leak shows it could be the thinnest, even in a case
A mockup of the Apple iPhone 17 Air next to the iPhone 16 Pro Max.

The new iPhone 17 Air is heavily rumoured to live up to its name by being a far thinner version of the smartphone.

Thinner than what? Well, the iPhone 17 Pro Max. Although once they're both in cases, will anyone even notice?

Read more