Slashdot Mirror


Apple Refutes Hacker's Claim He Could Break iPhone Passcode Limit (cnet.com)

A security researcher claimed he had figured out a way to bypass the passcode lock limit on an iPhone or iPad, ZDNet reported. But it turned out the passcodes he tested weren't always counted. From a report: "The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing," Apple said Saturday in an emailed statement. Since the 2014 release of iOS 8, all iPhones and iPads have come with device encryption protected by a four- or six-digit passcode. If the wrong passcode is entered too many times, the device gets wiped, explained ZDNet's Zack Whittaker. But Hacker House co-founder Matthew Hickey figured out a way "to bypass the 10-time limit and enter as many codes as he wants -- even on iOS 11.3," Whittaker wrote.


  1. He was holding it wrong by volodymyrbiryuk · · Score: 4, Funny

    The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing

    He was using/holding it wrong.

    --
    sudo rm -r -f --no-preserve-root /
  2. urgk by cascadingstylesheet · · Score: 4, Interesting

    What an unclear story. At first read, it sounds like Apple is saying "well, it's just that some of them don't get counted, so neener neener", which is, er, exactly what the guy was alleging.

    If I understand the clarifications, what Apple meant was that some of them don't get used at all (to try to unlock the device).

    1. Re:urgk by Junta · · Score: 4, Informative

      Basically he was cramming a lot of digits into a keyboard buffer, but the phone didn't even think about most of them. Meaning that even if he guessed the correct PIN, it's most likely it wouldn't have worked because it would be discarded without checking.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    2. Re: urgk by UnknowingFool · · Score: 5, Informative

      You mean it was an unclear summary. The story itself lays it out: the hacker said there is a way to send a stream of passcode attempts via cable to the iPhone which would override the 10 attempt limit. He later had to admit that the method he used did not always send the attempt correctly to the phone and it was ignored, thus not hitting the limit. He thought he sent 20 attempts when in reality it was 5 or 6.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  3. Option in settings... by The New Guy 2.0 · · Score: 4, Informative

    I can type ten bad passwords into my iPhone and not have it wiped. It's an option in settings that when turned off causes the phone to freeze and not accept a new attempt for a progressively longer time.

    So there you have it, not all iPhones wipe after ten bad attempts.