How Thieves Unlock Passcodes on Stolen iPhones (And How to Protect Yourself Against It)

Back in 2010, iOS developer Daniel Amitay developed a camera security app for iPhones that used an unlock screen almost identical to that of the iPhone.
The app was removed in mid-2011 (though, it eventually reappeared in early-2013, still available in the iOS App Store today), and before its initial demise, Amitay recorded the passwords anonymously that users typed in, and these were the results:

 

These ten iPhone passcodes make up 15% of the 200,000 passcodes that his application recorded. The most popular code was "1234", which almost 9,000 people used. The rest of the codes are either very simple ("0000"), create a pattern ("2580"), or in the case of "5683", make up a word (LOVE).
These results are staggering, because according to this study, these ten codes are used by 1 out of every 7 iPhone users. Merely attempting these 10 passcodes gives you a pretty high chance of getting into someone's iPhone, even on newer devices.

Method 1: Using Brute Force to Bypass the iPhone Lock Screen

Aside from the 10 common passcodes above, your chances can exponentially increase if you know the owner of the iPhone well.

Many people use 4-digit pins that they're familiar with: birthdays, anniversaries, addresses, the last 4 of their social security numbers, and even the last 4 digits of their own phone number. iPhone users unlock their cell phones dozens of times a day, making a simple and memorable passcode beneficial.
Add to that oily finger smudges on the screen and there's a pretty good chance you'll get passed the lock screen security.
You have 6 tries to access the phone before you'll see the "disabled" warning, and then a few more before the phone is completely wiped, so that gives plenty of chances for a good brute-forcer to gain access.

Even if you see the disabled screen, you still can hack into it. Scroll down to the Completely Resetting the iPhone with iTunes section for more info.

Protecting Yourself from Brute-Forcers

Much like any PIN (e.g., debit cards), you just need to make the number hard to guess if you want to protect yourself. These tips should go a long way towards that:

• Don't choose any of the ten passcodes listed above.
• Don't use any important dates or any other numbers that can be linked back to you.
• Steer away from passcodes that make shapes, like "1397" or "7139" (a square).
• Instead of an easy 4-digit number, use the newer default 6-digit PIN.
• Even better, use an alphanumeric code. Go to Settings -> Touch ID & Passcode, select "Change Passcode," then enter your current PIN. Then choose "Passcode Options" and set an alphanumeric passcode.

 

 

 For help coming up with better passwords and codes, check out one of the many guides over on Tech Pr0n, Power Byte (the precursor to Null Byte), or InterNoobs.

Method 2: Using Siri to Bypass the Lock Screen

You can use Siri to bypass any code on the iPhone 4S, 5, 5C, or 5S (if Touch ID is disabled), but only to a certain extent, and only if the user has allowed Siri access when the phone is locked.
There's an even newer method that works on all iPhone models and iOS versions up to 10.3.3. EverythingApplePro has done a great job of outlining the hack here, but suffice it to say, Siri is a pretty big vulnerability when it comes to your iPhone's lock screen.

Protecting Yourself from Siri's Flaws

You can protect yourself from this by deactivating Siri while the phone is locked. Do this by going to Settings -> Touch ID & Passcode and disabling the "Siri" option in the Allow Access When Locked section.

 

 

 

Method 3Completely Resetting the iPhone with iTunes

Resetting your iPhone can bypass the passcode, but will delete everything on the phone. This can come in handy if you forget your passcode and have everything backed up on your iTunes. So, if you get a message like this when connecting the device to iTunes...
 

 

You'll need to restore your iPhone back to factory settings:

1. Turn off your iPhone.
2. Press and hold the Home button, and while holding the Home button in, hurry up and connect your iPhone to your computer using the USB cord.
3. Continuing holding the Home button until the "Connect to iTunes" screen pops up.
4. iTunes will give you the recovery mode alert.
5. Click "OK" and restore the device.

This will take off the passcode, but will delete everything on the phone. After that, just make sure to log in with your Apple ID and password, then everything that's been backed up will be restored automatically.

Protecting Yourself from iTunes Restorers

It's tough to protect yourself from a hard reset, especially if your phone is stolen. What you can do is to make sure that Find My iPhone is turned on. That way you cannot only track where the iPhone is, but also remotely delete all the information on it. On the bright side, your data is safe regardless, because if a thief uses this method, they won't be able to log back in with your Apple ID unless they know the email address and password. This means that none of your personal files, such as contacts, messages, and photos, will be available to them.

Method 4Tricking iCloud with a Fake Server

An anonymous hacker by the name of AquaXetine found an exploit in Apple's iCloud system that lets anyone unlock a lost or stolen iPhone running iOS 7 or above, and Apple has yet to fix it.
This hack, available at the doulCi website (iCloud (almost) spelled backwards), appears to change your DNS for the connection to iCloud so their server can intercept the Activation Lock request, and then responds with the proper message to unlock the device.

 

So far, the hackers claim that over 15,000 devices have been unlocked using this technique.

Protecting Yourself from doulCi

Updating your phone's firmware is the easiest way to protect yourself from doulCi. The hack only works on iOS 8 or lower, so if you've accepted an update in the past two years, you're already protected from this lock screen bypass method. To double-check, head to the General menu in Settings, then tap "About" and look for the iOS version number — if it's higher than 8, you're good to go.

Method 5Using redsn0w & Gecko

You can unlock an older iPhone using redsn0w, which also jailbreaks the device without deleting anything. This article has a video that shows how to install redsn0w on any iPhone still using iOS 5, while it  will show you how to do it on iOS 6 devices. It bypasses the code and doesn't delete any of the information stored on the iPhone. This could potentially also work with the evasi0n jailbreak for iOS 7 devices, as well.

You can also use a program called Gecko iPhone Kit (for iOS 5), which can be downloaded here, but most devices are using at least iOS 6 by now. This will actually give you the code and doesn't jailbreak or delete anything from the iPhone. Below is a video tutorial of this process.

Protecting Yourself from redsn0w & Gecko

The fix for this one is simple: Update your damn phone! If you're still running iOS 6, it's time to move on. Updates are great for adding functionality to your phone, but the most important factor is security. Mobile is a relatively new industry, so mobile operating systems still have plenty of security holes that can be exploited. But Apple has a great track record when it comes to patching security holes quickly, so make a habit of tapping that "Update" button as soon as it pops up.
As it stands, these are the only methods we know of for bypassing the lock screen on an iPhone. How about you? Have you found another way to gain access to the lock screen on your iPhone? Let us know in the comment section below.