Skip to main content

Researcher claims to bypass iPhone security limits, but may have spoken too soon

iphone x notch
Julian Chokkattu/Digital Trends

For a brief moment, it seemed as though a security researcher had found a way to get past the security limits on iPhones and iPads by entering an infinite number of passcodes in order to hack into a device. The purported vulnerability was apparently even present in the latest version of iOS, 11.3, but Apple has now pushed back on these claims, and the researcher also appears to be backtracking on his initial findings.

When attempting to access a locked iPhone or iPad, users generally have a set number of passcode attempts to make before being locked out. You can even set your Apple device to automatically erase its contents if a hacker continuously attempts to guess your passcode. But according to Hacker House cybersecurity firm co-founder Matthew Hickey, if an iDevice is plugged in and a hacker tries to send keyboard inputs, it sets off an interrupt request that supersedes all other commands on the device. This, Hickey said, would allows hackers to send every single possible passcode combination in a single string, and because it wouldn’t give Apple’s software any respite, the inputs would take priority over any data-erasing security feature.

Recommended Videos

“Instead of sending passcode one at a time and waiting, send them all in one go,” Hickey explained. “If you send your brute-force attack in one long string of inputs, it’ll process all of them and bypass the erase data feature.”

Please enable Javascript to view this content

However, Apple’s spokesperson countered these claims, noting simply, “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.”

And a bit later, Hickey seemed to concede that his method may not have been entirely accurate. In a tweet, the security researcher explained that not all of the tested passcodes are ultimately sent to an iPhone or iPad’s secure enclave, which is responsible for guarding against these sorts of attacks.

“The [passcodes] don’t always go to the [secure enclave processor] in some instances — due to pocket dialing [or] overly fast inputs — so although it ‘looks’ like pins are being tested, they aren’t always sent and so they don’t count, the devices register less counts than visible,” he noted.

Hickey said that when he attempted to verify his methods, he found where he may have gone wrong: “I went back to double check all code and testing. When I sent codes to the phone, it appears that 20 or more are entered but in reality it’s only ever sending four or five pins to be checked.”

In any case, Apple will soon be debuting another security feature called USB Restricted Mode, which should make it much more difficult for folks to access an iPhone or iPad.

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
The good and bad of Apple Intelligence after using it on my iPhone for months
Apple Intelligence on iPhone 15 Pro.

Whether you love or hate it, AI doesn’t appear to be going away anytime soon. In fact, AI is evolving quite rapidly, and it’s now in the palms of our hands with our smartphones, as Google, Samsung, and even Apple have now fully embraced our AI future.

Though Apple was late to the game with Apple Intelligence, the company majorly hyped it up for the iPhone 16 launch in September, even though, amazingly, it did not roll out until October with the iOS 18.1 update. The staggered release schedule for Apple Intelligence confused many consumers as to why they did not have Apple Intelligence immediately with their iPhone 16 purchases, and it felt like a big misstep from Apple.

Read more
I’m a longtime iPhone user. This was my favorite Android phone of 2024
Pixel 9 Pro and iPhone 16 Pro.

What a whirlwind 2024 has been for the mobile industry. We got all the usual suspects releasing their flagship phones for the year, and it was certainly an impressive slate of options.

As you may know, I’ve been an iPhone user since the original, and I’ve had every generation of iPhone, including the iPhone 16 Pro this year. But since I joined Digital Trends a couple of years ago, I’ve got my fill of Android phones, too. And this year, this is the one that stood out to me the most: the Google Pixel 9 Pro.
The pink Pro phone I was looking for

Read more
The iPhone SE 4 price just leaked, and it’s better than we expected
iPhone SE

The iPhone SE 4 has been a highly anticipated choice for quite a while now, and we expect it to release sometime in the first quarter of 2025. While we know a lot about the iPhone SE 4, we haven't been able to nail down a solid estimate on its price. Now we have, and it's pretty awesome: the iPhone SE 4 is predicted to come in below $500.

Apple has been hard at work on its own in-house modem, and the iPhone SE 4 will be the first device to include that modem, according to a report from Naver. Since Apple is providing its own modem, it won't need to pay Qualcomm a fee for its 5G chips. The exact amount Apple pays Qualcomm isn't known, but it's a not-insignificant amount of money.

Read more