Researchers at MDSec, an IT security firm, have identified a method that allows thieves and hackers to bypass the iPhone’s lockscreen using equipment that costs only a few hundred dollars.
On an iPhone, the lockscreen serves as a barrier between thieves and the phone, since it bricks the device after 10 wrong guesses. Moreover, it has proven difficult to bypass on phones that aren’t jailbroken.
However, according to MDSec, there is a way to shut down the phone before it registers a wrong guess, which allows virtually unlimited guesses.
The lockscreen is among the iPhone’s major anti-theft defences, alongside its remote shutdown and Find My iPhone features. This new revelation can therefore potentially affect its users.
MDSec’s method involves detecting the minute changes on the iPhone’s screen that signal an incorrect-password notification, a fraction of a second before the iPhone records the wrong password. As soon as the system recognizes the change on the screen, it cuts off the phone’s power before the device is able to record the wrong guess.
If performed correctly, the method lets attackers enter around 10,000 probable passwords without locking the phone. Thus, hackers stand a good chance of bypassing the iPhone’s primary line of defence.
Pulling off this method does require a high level of skill, especially in controlling the power supply, since cutting the iPhone’s power so quickly involves opening the phone and manually disconnecting the battery so that the device runs on USB power.
The shutdown procedure also means that every guess takes about 40 seconds, so entering 10,000 possible passcodes would take a hefty part of one week, giving users ample time to activate the iPhone’s shutdown feature.
But it is still plausible that thieves would try to bypass the phone’s lockscreen, simply for the substantial payoff a successful operation would offer.
Broadly speaking, this revelation shows how challenging security research is. The order of operations is probably the only vulnerability in this situation: the phone displays that a passcode has failed just a split second before its internal system records the wrong guess. That split-second pause was enough to give MDSec an opening that led to a highly elaborate method of bypassing the iPhone’s lockscreen.
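The ordering problem described above can be shown with a small model. This is an added example, not code from MDSec or Apple: the `ToyLock` class, its passcode and the `power_cut_on_failure_screen` flag are constructed for illustration, and only the limit of 10 comes from the article. It compares recording a failed attempt after the failure is displayed with recording the attempt before the passcode is checked.

```python
import hmac

MAX_ATTEMPTS = 10  # limit quoted in the article


class ToyLock:
    """Constructed model of a passcode check; not Apple's implementation."""

    def __init__(self, passcode, count_before_check):
        self._passcode = passcode.encode()
        self.count_before_check = count_before_check
        self.failed = 0        # stands in for a counter in persistent storage
        self.locked_out = False

    def attempt(self, guess, power_cut_on_failure_screen=False):
        if self.locked_out or self.failed >= MAX_ATTEMPTS:
            self.locked_out = True
            return "locked_out"
        if self.count_before_check:
            self.failed += 1   # hardened: the attempt is recorded first
        ok = hmac.compare_digest(guess.encode(), self._passcode)
        if ok:
            self.failed = 0    # a correct passcode clears the counter
            return "unlocked"
        # The failure indication becomes visible on screen at this point.
        if power_cut_on_failure_screen:
            return "power_lost"  # nothing after this line runs
        if not self.count_before_check:
            self.failed += 1   # flawed: recorded only after the display step
        return "rejected"


def wrong_guesses_accepted(lock, tries):
    """Feed wrong guesses, losing power at each failure screen; count those processed."""
    accepted = 0
    for _ in range(tries):
        if lock.attempt("0000", power_cut_on_failure_screen=True) == "locked_out":
            break
        accepted += 1
    return accepted


if __name__ == "__main__":
    flawed = ToyLock("4821", count_before_check=False)
    hardened = ToyLock("4821", count_before_check=True)
    print("flawed order:  ", wrong_guesses_accepted(flawed, 50), "counter =", flawed.failed)
    print("hardened order:", wrong_guesses_accepted(hardened, 50), "counter =", hardened.failed)
```

With the counter committed before the comparison, a power loss at the failure screen can no longer erase the attempt, so the limit holds regardless of what happens after the check.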
Additional info: Updated with information about Apple’s fix for the bug in iOS 8.1.1