Apple Refutes iPhone Passcode Bypass Claims by Hacker, Claims It's a Result of 'Incorrect Testing'

Advertisement
By Ankit Chawla | Updated: 25 June 2018 11:35 IST
Highlights
  • A hacker had claimed a passcode bypass last week
  • The hack appears to bypass lock out and erase data options
  • Apple has disputed the genuinity of the hack
Apple Refutes iPhone Passcode Bypass Claims by Hacker, Claims It's a Result of 'Incorrect Testing'

Apple will soon bring the controversial USB Restricted Mode to iPhone and iPad devices with the rollout of iOS 12 later this year. This toggle in the settings will cut off communication through the USB port when the phone has not been unlocked in an hour. With the move, Apple was preventing the use of brute-force attacks to guess the passcode, a method commonly employed by law enforcement authorities and security agencies to crack a locked iPhone. The company had said it was aiming to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources, and to head off further spread of the attack technique. Despite this upcoming fix to the brute force, an ethical hacker posted a demonstration of a brute-force passcode attack on devices running versions lower than iOS 12. He claimed to have bypassed current protections by sending passcodes combinations at once. Apple replied to the claim by refuting the method, calling it "incorrect testing".

Matthew Hickey, who goes by the pseudonym @hackerfantastic, took to Twitter on Saturday to show how the iPhone's passcode could be bypassed with a simple hack. In a Vimeo video, Hickey is seen connecting a Lightning cable to an iPhone running the latest stable version of iOS 11.3. He also shows, in Settings, that the Erase Data (on multiple wrong attempts) option has been switched on. He then runs his software which sends all passcode attempts ranging from 0000 to 9999 to the iPhone at once, instead of once at a time. The one-minute video shows that the iPhone gets unlocked within seconds of running the software.

He explained the brute-force attack to ZDNet, "If you send your brute-force attack in one long string of inputs, it'll process all of them, and bypass the erase data feature." As you know, passcode bypass protections will erase a phone's data after multiple wrong attempts.

After a day of posting about the brute-force attack, the hacker suggested in a correction to his original claim, that the iPhone's Secure Enclave Processor (SEP) appeared to register less PINs than previously thought, due to instances of pocket dialling and/ or overly fast inputs. "When I sent codes to the phone, it appears that 20 or more are entered but in reality its only ever sending four or five pins to be checked," he explained to ZDNet. Hickey said he reported his findings to Apple before tweeting about them.

Advertisement

In a statement to ZDNet, Apple spokesperson Michele Wyman responded to the Hickey's claim, "The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing." The company did not provide any details about precisely why it disputes the findings.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: iPhone, Apple
Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus Pad 3 With 12,140mAh Battery Launched in India: Check Features
  2. Our Fault OTT Release Date: When and Where to Watch Final Chapter of Culpables Online?
  3. Best Smartphones Under Rs 25,000 in India: Check List
  4. OnePlus 13s vs iQOO 13: Price in India, Specifications Compared
  5. AirPods Pro 2, AirPods 4 May Get New Head Gestures, Camera Control, More
  6. Oppo Teases Launch of New Smartphone in India; Could Be Reno 14
  7. OnePlus 13s Launched in India: Know Price, Specifications and More
  8. OnePlus 13s Review
  9. Meta Explains Tech Behind Its Aria Gen 2 Glasses
  10. Xiaomi 16 Battery and Display Size Leaked Ahead of Debut in China
  1. Hugging Face Releases SmolVLA Open Source AI Model For Robotics Workflows
  2. Redmi Pad 2 With 9,000mAh Battery, MediaTek Helio G100 Ultra Chip Launched: Price, Specifications
  3. Alphabet CEO Expects to Keep Hiring Engineers as AI Advances
  4. Amazon Said to Be Preparing to Test Humanoid Robots for Deliveries
  5. Google Doubles Gemini 2.5 Pro Rate Limit for Google AI Pro Subscribers
  6. Apple Said to Have Given iPhone Repair Business to Tata India as Partnership Expands
  7. Huawei Pura 80 Pro, Pura 80 Pro+ Design Teased; Pre-Reservation Begin
  8. Mistral Code AI-Powered Coding Assistant Introduced for Enterprise Developers
  9. Nothing Headphone 1 Launch Date Set for July 1, to Arrive Alongside Nothing Phone 3
  10. Ethereum Foundation Announces Overhauled Treasury Strategy Amid Scaling Push
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.