New Method to Crack iPhone Passcode Discovered By Researcher

**UPDATE** It would seem that the original vulnerability from the researcher has proven to be incorrect, full details can be found HERE.

Do you think you are safe if you have an iPhone locked with a passcode?. A researcher has discovered a glitch that makes your iPhone passcode easy to crack. According to his discovery, a hacker can easily brute force your phone’s passcode without any data loss.

A Hacker Can Easily Crack Your iPhone Passcode

Since 2014, iPhone passcodes serve as the ‘first line of defense’ against intruders. These 4 or 6 digit codes are quite difficult to crack, and multiple attempts of entering passcodes will wipe the device.

iPhone limits the number of attempts to enter a passcode. However, a security researcher, Matthew Hickey, has discovered an easy way to bypass this limit. According to him, instead of entering combinations of multiple four or six-digit codes, a single long string with various supposed codes (without spaces) will bypass the limit. This can be done by connecting the device to a computer.

Hickey demonstrated this phenomenon in a video, which he also shared on Twitter.

This glitch is actually present in the iOS. So, all devices running different versions of iOS are equally vulnerable, regardless of whether it is an iPhone or an iPad.

As revealed through his conversation on Twitter, Hickey has already reported this glitch to Apple.

Matthew Hickey is a security researcher and the co-founder of Hacker House, a cybersecurity company.

However, iOS 12 Users Will Remain Safe

As his work shows, bypassing the data-erase feature in any device requires it to be connected to a computer. This secures the iOS 12 users with the USB Restricted Mode that simply limits a USB connection for the charging purpose only.

Apple is yet to comment about this bug. Although this method to crack the iPhone passcode is time consuming, yet, not difficult. However, until a patch is rolled out, all users running iOS 11.3 or less should prevent physical access to their device.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

How to Improve Your Cyber Resilience by Strengthening User Privileges