Security Researcher Finds Brute Force Exploit to Bypass Apple iOS Passcodes

By Nitish Singh / June 23, 2018

A security researcher from cybersecurity firm Hacker House has managed to bypass the Apple iOS security passcode feature and get access to an iPad or iPhone. The exploit works even on iOS 11.3, which is the newest available iteration of the OS. The passcode feature has been around on iOS devices since 2014 and was debuted on iOS 8. Unlike most other digital devices that employ a passcode security feature, an iPhone or iPad makes use of both hardware and software making it nearly impossible for anyone to break into the devices.

Security researcher Matthew Hickey revealed that all a user needs are an iPhone or iPad and an Apple Lightning cable. The exploit manages to bypass the 10-attempt limit after which iOS devices hard reset themselves. The exploit can allow anyone to input unlimited passcodes until the correct one is found. A Brute Force attack can simply send a long string of inputs to the device with all the possible 4 and 6-digit passcodes, eventually breaking open the device.

Hickey explained that instead of sending the passcodes to the devices one by one, sending all of them at one go can bypass the auto-reset feature. He published a video to demonstrate the exploit and believes that it is quite likely that others know about the exploit as well.

The exploit will not be possible once iOS 12 launches as it includes a USB-restricted mode that prevents data access via USB unless the device is unlocked. Apple has not yet responded to the security researcher who emailed the company about his findings, but a patch is likely to be issued in the near future.

What do you think of the passcode exploit? Do you think Apple will release a security patch for it before iOS 12 comes out? Let us know in the comments below. Get instant updates on TechNadu’s Facebook page, or Twitter handle.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari