No, You Can’t Bypass iPhone Passcode Attempt Limits with an External Keyboard

Cellebrite's servers hit with data breach

News surfaced over the weekend that you can bypass the iPhone’s passcode attempt limit by connecting the device to a computer and sending the passcodes from there instead of the device’s on-screen keyboard. Apple says you can’t, and odds are they’re right.

Reported iPhone brute force attack doesn't really work
Turns out a reported iPhone passcode brute force attack doesn’t really work

Hacker House co-founder Matthew Hickey posted to Twitter last Friday saying you can try to guess a passcode as many times as you like and even made a video showing the flaw in action.

The video looks pretty damning, but Apple told Engadget that using a computer’s keyboard to send passcodes won’t bypass the built-in security measures. An Apple spokesperson said, The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.

Turns out Hickey’s conclusion was based on faulty data. He said in a follow up tweet that the iPhone didn’t register all of the passcode input attempts.

In other words, he thought he was entering more passcode attempts than he really was. That means iOS’s feature that locks and wipes an iPhone’s data after 10 failed login attempts is still safe, at least for now.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.