Search This Blog

Apple refutes claim of iPhone passcode hack

Apple has dismissed claims made by security researcher Matt Hickey who said he had found a way to bypass iPhone security protections to enter passcodes as many times as needed.

Hickey, co-founder of cyber security firm Hacker House, had tweeted a video on Friday showing how this can be done by sending a stream of all possible combinations to the device, which will trigger an interrupt request.

He explained that if all combinations are sent in one go using keyboard inputs while the device is plugged in instead of with pauses in between tries, it will trigger an interrupt request that takes precedence over everything else on the device.

However, Apple has since come out and refuted the claim and a spokesperson on Saturday said, "The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing." 

Retracting his previous position, Hickey tweeted on Sunday that devices are still protected from brute-force attacks as not all passcodes that are being tested are sent.

This was in reference to a previous tweet by Stefan Esser, CEO of security firm Antid0te UG, where he explained that the command to erase iPhone data after 10 tries wasn’t triggered because the various combinations were all “ignored” and counted as a single try.

“The device doesn’t actually try those passcodes until you pause,” Stefan tweeted.

Aside from its initial statement, Apple has not provided any further explanations. The company is planning on including a feature called USB Restricted Mode in its upcoming iOS 12 update that will protect iPhones and iPads from USB-related exploits.

Share it:

Apple Security

iPhone Hacks

Password Crackers