**UPDATE** It would seem that the original vulnerability from the researcher has proven to be incorrect, full details can be found HERE.
Do you think you are safe if you have an iPhone locked with a passcode?. A researcher has discovered a glitch that makes your iPhone passcode easy to crack. According to his discovery, a hacker can easily brute force your phone’s passcode without any data loss.
A Hacker Can Easily Crack Your iPhone Passcode
Since 2014, iPhone passcodes serve as the ‘first line of defense’ against intruders. These 4 or 6 digit codes are quite difficult to crack, and multiple attempts of entering passcodes will wipe the device.
iPhone limits the number of attempts to enter a passcode. However, a security researcher, Matthew Hickey, has discovered an easy way to bypass this limit. According to him, instead of entering combinations of multiple four or six-digit codes, a single long string with various supposed codes (without spaces) will bypass the limit. This can be done by connecting the device to a computer.
Hickey demonstrated this phenomenon in a video, which he also shared on Twitter.
Apple IOS <= 12 Erase Data bypass, tested heavily with iOS11, brute force 4/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl – demo of the exploit in action.
— Hacker Fantastic ? (@hackerfantastic) June 22, 2018
This glitch is actually present in the iOS. So, all devices running different versions of iOS are equally vulnerable, regardless of whether it is an iPhone or an iPad.
As revealed through his conversation on Twitter, Hickey has already reported this glitch to Apple.
yes, sent an email to apple.
— Hacker Fantastic ? (@hackerfantastic) June 22, 2018
Matthew Hickey is a security researcher and the co-founder of Hacker House, a cybersecurity company.
However, iOS 12 Users Will Remain Safe
As his work shows, bypassing the data-erase feature in any device requires it to be connected to a computer. This secures the iOS 12 users with the USB Restricted Mode that simply limits a USB connection for the charging purpose only.
Apple is yet to comment about this bug. Although this method to crack the iPhone passcode is time consuming, yet, not difficult. However, until a patch is rolled out, all users running iOS 11.3 or less should prevent physical access to their device.
