Your iPhone or iPad are encrypted only as long as you use a password/PIN lock to protect your device — Touch ID and Face ID have the same purpose, but to enable either you have to set a password/PIN as well.
A hacker said recently that the passcode could be easily bypassed by using an unexpected trick. What sounded like a huge scare, however, turned out to be fake. Apple, however, assured users that there’s no easy way to brute force the iPhone, and the hacker’s work incorrect.
Yes, law enforcement agencies have at their disposal sophisticated machines that can unlock any iPhone entered into evidence. And Apple is trying to make the job of those machines harder. But that’s a different thing. That’s not what’s happening here.
A hacker claimed that simply entering all the possible combinations between 0000 to 9999 with no spaces between them will force the iPhone to unlock. That’s easier said than done, however, as it requires an attacker to use a physical keyboard over a USB connection to do it.
The idea here is to circumvent the protections Apple set in place to prevent someone from simply testing out all the possible password combinations until one unlocks the device — that’s what brute forcing is.
According to the hacker, the use of a keyboard is what allowed him to enter more than 10 passwords without triggering a phone’s self-delete feature.
“Instead of sending passcode one at a time and waiting, send them all in one go,” he told ZDNet. “If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature.”
Hickey disclosed the hack to Apple on Friday, right before posting his discovery on Twitter. It sure is strange to see a hacker report a newly found vulnerability right after notifying the company. You’d think Hickey would give Apple time to fix it if indeed the matter needs fixing.
It turns out, however, that the hack is not possible as described.
“The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing,” Apple told Gizmodo and other tech sites. Apple did not provide any additional explanations.