Apple Researcher’s iPhone Passcode Hack Findings Were Incorrect

Yesterday, we reported something that troubled Apple users. However, we now have good news for them. The supposed iPhone passcode hack demonstrated by a researcher was nothing but ‘wrong testing’ claimed by Apple. It means your iPhone passcodes are still safe.

Apple Claims The Alleged iPhone Passcode Hack Was Wrong Testing

The news about iPhone passcode hack discovered by a security researcher Matthew Hickey recently flooded the Internet. He demonstrated in a video that Apple has an ‘erase data’ UI glitch due to which anyone can crack the iPhone passcode. According to him, sending in a long string of passcodes without breaks will confuse the iOS software as a single attempt. Thus, it will override the erase data feature that wipes the device after multiple attempts of inputting wrong passcodes.

However, right after his video surfaced online, Apple, as well as many other researchers were taking notice. People were skeptical about his conclusions and the testing method. Will Strafach, CEO Sudo Security Group, said in his tweet,

Stefan Esser, a German security researcher and the CEO of Antid0te, also expressed his observation in his tweet.

Eventually, Apple confirmed in a statement to Apple Insider, that the so-called hack was nothing but ‘incorrect testing’.

“The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.”

It was revealed that the software simply ‘shows’ as if the passcodes are being tested after receiving a long string input. But, as explained by Stefan Esser, the device simply ignores all other codes after a testing a few initially. And, it will continue to do so until the string is broken. And, as we know, after the break, the input will be the second attempt. Thus, there seems to be no erase-data glitch as reported by Hickey.

Researcher Confesses an Incorrect Observation

Matthew Hickey accepts incorrect findings. After discussion with other security researchers (as evident from his Twitter account), he eventually reached a conclusion, about which he tweeted later on.

He also said ‘sorry’ to the people in another tweet.

Although Hickey’s findings didn’t prove fruitful (for hackers), he succeeded in alerting the security team at Apple who did take serious notice of the potential flaw and responded accordingly.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients