Apparent iOS 8 Passcode Security Breach Proves Non-malicious


A rumor has started recently that says iOS 8 has a vulnerability, which results in breach of security. The vulnerability was reported by a Youtube user called EverythingApplesPro. The user uploaded a video on Youtube and explained the vulnerability.

According to the user, the vulnerability involves iOS 8 Touch ID and Passcode. The claim however was proved bogus by iOS developers and security experts. Darren Orf of explained why this claim should be taken with a bag of salt.

But before discussing that, let’s first see what the Youtube user said about the alleged vulnerability. The user owns an iPhone 6. The software he uses is iOS 8.0.2. Both the device and the software are latest. The user first taps on Settings, then on Software Update.

Siri comes as a menu under the Software Update section. When the user taps on Siri, it shows Allow ‘Hey Siri’ option underneath. Then the user instructs to plug the device with a computer or with a charger because ‘Hey Siri’ will only work if the phone is connected to a power plug. The the user toggles the menu and has Touch ID and Passcode enabled.

Once it is confirmed that the Touch ID and Passcode or Touch ID or Passcode are enabled, the user waits for the screen to lock. Then when the screen is locked, the user says ‘Hey Siri’. He then waits for Siri to show up. Siri’s response time is only couple of seconds, then Siri replies with texts on the screen that reads ‘What can I help you with?’

The user then asks Siri a question. It could be any mundane question like ‘How is the weather gonna be today?’ When Siri is about to give a reply, the user hits the home button and then slide the screen. After swiping the screen he finds the Touch ID or Passcode enter menu. The process demonstrated by the user show how to bypass the lock screen feature on iOS 8.0.2.

The user thought it’s a glitch. Darren Orf however did testing with the feature and concluded the alleged glitch is due to the Touch ID registering the thumbprint on a hair trigger. Gizmodo updated their site with “This post originally indicated that the bypass was legitimate, based on incomplete testing on our part. We regret the error and have edited accordingly.”

Successfully bypassing the lock screen feature takes quite a few tries. Gizmodo explains this is because the phone was registering the home button press with Touch ID. Gizmodo team was able to reconstruct the entire process with Touch ID turned on their phones. If the Touch ID is turned off, the process can’t be recreated.

iOS 8.0.1 was reported to have issues. However, iOS 8.0.2 seems free from glitches. Although it’s difficult to rule out the possibility of bugs entirely, Apple is doing its best to identify and fix all the patches. Some glitches are being reported, but most of them are not serious ones.