Great Moto G Stylus deal on Amazon!

Simple method bypasses an iPhone's passcode limit allowing you to unlock the device

By
71comments
iOS Apple
Video Thumbnail


In order to prevent a locked Apple iPhone from being opened by a hacker, Apple allows users to choose a four or six digit passcode. And to further protect the passcode from being discovered, after ten incorrect attempts to punch in the correct digits, the iPhone will automatically be wiped and the information inside is gone forever. Now, a security researcher named Matthew Hickey has discovered a way to bypass the passcode limit allowing him to try as many different passcode combinations as he wants, even on iOS 11.3.

All that is required for the hack is a locked iPhone turned on, and a Lightning cable. When a user starts punching in passcodes trying to unlock the device, a part of the hardware called the secure enclave keeps track of the number of attempts that have been made, and is slower to respond with each incorrect entry. Getting around this is actually easy with the use of a brute force attack. Instead of entering passcodes one at a time and waiting after each entry, Hickey says you should send your entries in one very long string of inputs. Doing this will bypass the passcode limit and the phone will process all of your passcode entries.

All four-digit codes from 0000 to 9999 should be sent with no spaces. When an iPhone is plugged in, keyboard input has precedence over the phone's passcode limit feature. Thus, using this brute force attack results in the handset working on the strong of four-digit passcodes you've inputted and unlocking the phone before the device is wiped. Time, however, is an issue. Because the iPhone takes three to five seconds to process each passcode, it would take an hour to go through just 100 different passcodes. And while this method will also work with six-digit passcodes by running all of the possibilities between 000000 and 999999 at one time, it would take weeks for the iPhone to complete the task. If you've got enough time to test this out, remember that the iPhone you're cracking open must be plugged in.

Recommended Stories
Earlier this month, we told you that on iOS 12, Apple's USB Restricted Mode will prevent the proprietary Lightning USB port on the iPhone from being used to communicate with other devices if the phone has not been unlocked within the past hour. That will prevent cracking machines like the GrayKey from using the Lightning port to disable the passcode limit on an iPhone. But Grayshift, the company behind the GrayKey, says that it has been able to defeat the USB Restricted mode. If true, that puts the ball back in Apple's court as each side works hard to stay one step ahead of the other.

The USB Restricted Mode does limit the time that someone has to employ Hickey's brute force hack. With iOS 12, you must enter the string of passcodes before an hour passes since the last time that the phone was unlocked. While that doesn't make it impossible to use the hack with iOS 12, it does complicate things a great deal.

Meanwhile, you can check out a video showing Hickey's brute force hack by clicking on the clip found at the top of this article.

source: ZDNet
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon
The speedy iPad Mini 2021 is even sweeter than usual after a lovely discount on Amazon

Latest News

Grab the OnePlus Pad at its lowest price through this sweet deal
Grab the OnePlus Pad at its lowest price through this sweet deal
TikTok might shut down for real, as the owner apparently rejects selling the app
TikTok might shut down for real, as the owner apparently rejects selling the app
The small but capable Bose SoundLink Flex drops to its best price at Best Buy
The small but capable Bose SoundLink Flex drops to its best price at Best Buy
Patent shows the Galaxy Z Flip 7 may come with three cameras
Patent shows the Galaxy Z Flip 7 may come with three cameras
Is Apple going to take over your home with a Google-powered robot?
Is Apple going to take over your home with a Google-powered robot?
Introducing PhoneArena Battery Score: an easier way to learn about battery life on your phone
Introducing PhoneArena Battery Score: an easier way to learn about battery life on your phone
FCC OKs Cingular\'s purchase of AT&T Wireless