Apple Disputes New Method to ‘Brute Force’ iPhone Passcode Lock

Unidentified Hacker Has Breached Cellebrite's Servers, Ironically Stole and Made Public Company's iOS Hacking Tools Credit: Focus Stocker
Text Size
- +

Toggle Dark Mode

A security researcher allegedly discovered a way to successfully “brute force” an iPhone’s passcode lock, but Apple has since pushed back.

Matthew Hickey revealed the supposed exploit on Twitter Friday, tweeting that the method could be used to bypass an iPhone’s incorrect password limits — even on up-to-date versions of iOS.

Normally, iPhones lock themselves after a certain number of incorrect passcode inputs. They can even be set to erase data after the incorrect passcode. This, in essence, is a potent defense about “brute forcing” — in layman’s terms, a method that involves using a computer to input all possible passcode.

But Hickey said he had found a way around that security limit. Essentially, his method supposedly involved sending all potential passcodes between 0000 and 9999 “all in one go,” rather than one at a time. Due to an alleged flaw, this would override the security limit.

“If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” Hickey added. The security researcher reported the vulnerability to Apple before tweeting about it.

Of course, such a security flaw would render a lot of iPhones vulnerable to a relatively simple method of bypassing encryption — rather than the more sophisticated tools used by hacking devices like GrayKey.

Luckily, Hickey’s findings may be erroneous. An Apple spokesperson later disputed the authenticity of the vulnerability to ZDNet. “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing,” she said in a statement.

The security researcher and co-founder of cybersecurity firm Hacker House later double-checked and confirmed that the method wasn’t actually a vulnerability.

“I went back to double check all code and testing,” Hickey told ZDNet. “When I sent codes to the phone, it appears that 20 or more are entered but in reality it’s only ever sending four or five pins to be checked.”

While Hickey’s method may not work, there may be other ways for law enforcement and third-parties to bypass an iPhone’s encryption.

Earlier this month, Apple confirmed that its USB Restricted Mode closed a loophole used by hacking tools like GrayKey. Unfortunately, Motherboard later reported that Grayshift may have already found a way around Apple’s USB Restricted Mode — though it’s not currently clear if that’s the case.

Social Sharing