Contrary to popular belief, Touch ID, introduced with the iPhone 5S, does not make your iPhone completely unhackable. Bypassing both Touch ID and the passcode is not an easy job, but it can be done. Last year, SiliconANGLE covered a security flaw in iOS 9 that made it possible to access Photos on anybody’s phone without knowing the passcode or using Touch ID.
This year, we’re covering security gaps associated with your iPhone's lockscreen, no matter which iOS version you’re on.
If a fingerprint is not read correctly, or if you double-tap the home button, you’re prompted to enter a passcode. If your device is protected with a simple four-digit passcode, the iPhone can be easily unlocked: with only 9,999 possible combinations, this code can be cracked. Besides, lists of the most common combinations are available online, which makes brute-force attacks quite easy.
Research suggests that about 15% of all iPhone users have a very common four-digit passcode. Passcodes like “1234”, “0000”, birthdays and anniversaries are more frequent than you think. Although a six-digit code is selected by default in iOS 10 and iOS 9, people are still looking for articles on how to switch back to the less secure four-digit combination.
To bypass the four-digit passcode security layer, hackers usually rely on one of five methods:
- Brute force attack (a few tries until the iPhone is completely disabled)
- Using a sequence of commands with Siri
- Passcode hacking applications
- A fake server
- Resetting the phone using iTunes
Increase your lockscreen’s security
Lockscreen attacks are not very common, but they’re the easiest to attempt and most likely to succeed if your device is not configured correctly.
Over the past years, various security breaches have occurred, targeting high-profile and low-profile people alike. The particular nature of a lockscreen attack is that it requires direct contact with the iPhone, meaning your device is either stolen or misused by people you might feel comfortable around.
For your security and peace of mind, let us help you set up your iPhone to reduce the likelihood of a successful lockscreen hacking attempt.
1. Replace the four-digit passcode with a six-digit password
The first step is to use a six-digit passcode. A four-digit passcode means 9,999 passcode combinations. For a six-digit passcode, a hacker will need about 999,999 attempts to hack the phone. Of course, this can’t happen as long as you have enabled erasing data after failed passcode attempts.
To replace the four-digit passcode with a six-digit passcode, go to Settings, select Touch ID & Passcode and choose Select Passcode. Select 6-Digit Numeric Code, then enter your new passcode.
2. Replace your password with a longer passcode
By using this method, you can rest assured you’ll make the hacker’s job much more difficult. For every additional digit in the passcode, the number of necessary attempts increases tenfold. If a six-digit passcode requires about 999,999 combinations, a seven-digit passcode raises that number to 9,999,999.
To activate this option, go to Touch ID & Passcode, tap Select Passcode, then choose Custom Numeric Code. You will be allowed to use additional digits to lock your iPhone’s screen.
Remember that you need to have at least iOS 9 on your iPhone if you want to activate this feature on your device.
If your smartphone is running iOS 8 and you still need to increase your iPhone’s protection, use an alphanumeric code instead. This option allows you to protect your iPhone with a passcode made of numbers and letters.
By using this option with more than eight letters and numbers, you can be sure that the passcode cannot be hacked or guessed as long as you don’t use a very obvious combination. To activate it, go to Select Passcode, choose Custom Alphanumeric Code and enter your new passcode. Make sure you don’t forget your passcode, or you risk losing your data!
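A way to check a candidate passcode for the "very obvious" patterns named in this article (short codes, repeats like 0000, runs like 1234, birthdays and years). This is an added example, not part of the original article or any Apple tool; the weaknesses() helper and its pattern rules are assumptions, while the six-digit and more-than-eight-character thresholds come from the advice above.

```python
from datetime import date

# Hypothetical helper names; the pattern rules are illustrative assumptions.
def _valid_md(month: int, day: int) -> bool:
    try:
        date(2000, month, day)  # leap year, so 29 February is accepted
        return True
    except ValueError:
        return False

def _is_run(code: str) -> bool:
    # Same step of +1 or -1 (mod 10) between all neighbours: 1234, 7890, 654321.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(code, code[1:])}
    return steps in ({1}, {9})

def _is_repeated_block(code: str) -> bool:
    # 0000, 1212, 123123: the code is one shorter block repeated.
    n = len(code)
    return any(n % k == 0 and code == code[:k] * (n // k) for k in range(1, n // 2 + 1))

def _is_date_like(code: str) -> bool:
    if len(code) == 4:  # MMDD, DDMM or a year between 1900 and 2099
        a, b = int(code[:2]), int(code[2:])
        return 1900 <= int(code) <= 2099 or _valid_md(a, b) or _valid_md(b, a)
    if len(code) == 6:  # DDMMYY, MMDDYY or YYMMDD
        a, b, c = (int(code[i:i + 2]) for i in (0, 2, 4))
        return _valid_md(a, b) or _valid_md(b, a) or _valid_md(b, c)
    return False

def weaknesses(code: str) -> list:
    """Return the reasons a candidate passcode is easy to guess (empty list = none found)."""
    found = []
    if code.isascii() and code.isdigit():
        if len(code) < 6:
            found.append("shorter than six digits")
        if _is_repeated_block(code):
            found.append("repeated digit or block")
        if _is_run(code):
            found.append("ascending or descending run")
        if _is_date_like(code):
            found.append("looks like a date or year")
    else:
        if len(code) <= 8:
            found.append("alphanumeric code of eight characters or fewer")
        if len(set(code)) == 1:
            found.append("single repeated character")
    return found
```

An empty result only means none of these patterns matched, not that the passcode is strong.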
3. Deactivate Control Center’s access
If you lose your smartphone, your data is still at risk even with Find My iPhone active. As long as a pickpocket can switch your iPhone to Airplane Mode, you run the risk of losing remote control of your device.
The best protection is to make sure Control Center is not accessible from the lock screen. To do so, go to Control Center, then use the switch to turn off Access on Lock Screen.
4. Disable Siri’s access to lock screen features
Siri is one of the most appreciated iOS features, and it is expected to turn into a more intuitive AI assistant following Apple’s decision to hire its first director of AI. Currently, in terms of security, the assistant has its weak points. A simple exploit discovered in iOS 9 could make your iPhone accessible even if a hacker doesn’t know the passcode: by using Siri, they could eventually gain access to sensitive data.
To prevent the passcode from being bypassed, make sure that Siri’s settings don’t allow access to your private data. Go to Settings, then select Touch ID & Passcode. Under Allow Access When Locked, turn off Siri, Notifications View, Wallet, Today and Reply with iMessages.
5. Decrease the time until the iPhone locks itself
Snatching an iPhone on the street from strangers is quite common. When that happens, the iPhone is usually unlocked, and the thief will have access to everything.
To prevent this, use a shorter time interval for automatic iPhone locking. To decrease the number of seconds until the lockscreen is activated, you need to change the Auto-Lock timer’s settings.
To do this, go to Settings, choose General, then Auto-Lock. There you can adjust the time until the iPhone locks. The shortest interval is 30 seconds (Immediately). Select this option and confirm the action. Then go to the Touch ID & Passcode settings and decrease the time interval until the passcode is required.
6. Remove the notifications from iPhone’s screen
Even locked, an iPhone still shows various notifications, accessible to anyone else, as long as they have access to your device. Received emails or iMessages are displayed on the screen even if the passcode is active and the phone is apparently locked. You can prevent any accidental data preview by hiding any notification on your display.
Repeat these steps for each application installed. Open your iPhone’s Settings, go to Notifications and select the app you need to hide notifications for. Once selected, deactivate both Show on Lock Screen and Show Previews, then confirm the action. Go to all your sensitive apps and repeat the same steps.
By changing your iPhone lockscreen’s default settings, you can increase the security of your device. Even so, these methods are not infallible, and there are further ways to improve the security and data protection of the iPhone. For your peace of mind, we suggest you activate 2FA on your iCloud account and make sure that iCloud Backup is turned on.
Do you know any other methods to protect your iPhone’s lockscreen? Use the comment field below and share your ideas.