iPhone lock screen glitch may not be what it seems

It was believed for a short time this week that iOS would allow hackers to brute-force their way past the lock screen passcode if they were able to manipulate a continuous series of input attempts; in most cases, this could be done through a computer connection.

Hacker House researcher Matthew Hickey tested continuous-input brute forcing and appeared to have short-circuited iOS’s data erasure protection measure, which would activate after ten wrong attempts.

Apple spokeswoman Michele Wyman told multiple media outlets that the “recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.” The statement did not go into any detail about the error.

Hickey went back to the drawing board and, as was suggested at some point by Antid0te CEO Stefan Esser, looked into the readings of the Secure Enclave Processor (SEP).

“When I sent codes to the phone, it appears that 20 or more are entered but in reality it’s only ever sending four or five pins to be checked,” Hickey told ZDNet.

Rene Ritchie of iMore suggests that perhaps the SEP was checking for potential unintentional entries from pocket dialing or moisture on the display, but it could be one of many possibilities.

All said, Apple was right to stand its ground on a bug that turned out to be nothing (for now, as the research goes on), though its attempts at assuaging any lingering concerns its consumers may have could use work.

About The Author
Jules Wang
Jules Wang is News Editor for Pocketnow and one of the hosts of the Pocketnow Weekly Podcast. He came onto the team in 2014 as an intern editing and producing videos and the podcast while he was studying journalism at Emerson College. He graduated the year after and entered into his current position at Pocketnow, full-time.