Contrary to popular belief, Touch ID -- introduced with the iPhone 5s -- does not make your iPhone completely unhackable. Bypassing Touch ID and the passocde is not an easy job, but it can be done. Last year, SilliconAngle covered a security flaw in iOS 9 that made access to Photos possible on anybody’s phone, without knowing the passcode or using Touch ID.
This year, we’re covering security opportunities associated with your iPhone's lockscreen, no matter which iOS version you’re on.
If a fingerprint is not read correctly -- or, if you double tap the home button -- you’re prompted to enter a pincode. If your device is protected with a simple four-digit passcode, the iPhone can be easily unlocked. With only 9,999 possible combinations this code can be cracked. Besides, the most common combinations are available online, making brute-force attacks easier than they might otherwise be.
Research suggests that about 15% of all iPhone users have very common four digit passcodes. Passwords like
0000, birthdays and anniversaries are more frequent than you think. Although in iOS 10 and iOS 9 a six-digit code is selected by default, people still looking for articles on how to switch back to the less secure 4-digit combination.
To bypass the 4-digit passcode security layer, hackers usually go for 5 methods:
- Brute force attack (a few tries until the iPhone is completely disabled)
- Using a sequence of commands with Siri
- Passcode hacking applications
- A fake server
- Resetting the phone using iTunes
Increase your lockscreen’s security
Lockscreen attacks aren't very common, but they’re the easiest to attempt and most likely to succeed if your device is not configured correctly.
Over the past years, various security breaches have occurred, targeting high profile people. The particular nature of a lockscreen attack is that it requires direct contact with the iPhone, meaning your device would be either stolen or misused by people.
For your security and peace of mind, let's help you set up your iPhone to reduce the likelihood of a successful lockscreen hacking attempt.
1. Replace the four-digit passcode with a six-digit password
The first step is to use a six-digit pincode. A four-digit passcode means 9,999 passcode combinations. For a six-digit passcode, a hacker will need about 999,999 attempts to hack the phone. Of course, this can’t happen as long as you have activated a phone wipe after too many failed passcode attempts.
To replace the four-digit passcode with a six-digit password go to
Touch ID and password and choose
Select Passcode. Select
6-Digit Numeric Code then add your password.
2. Replace your password with a longer passcode
By using this method, you can rest assured you'll make the hacker's job much more difficult. For every additional digit used in the passcode structure, the number of necessary attempts is increasing ten times. If for six-digit passcode there are necessary about 999,999 combinations, for a seven-digit passcode the number of combinations increases at 9,999,999.
To activate this option, go to
Touch ID & password, click on
Select passcode then choose
Custom Numeric Code. You will be allowed to use additional numbers to lock your iPhone’s screen.
Remember that you need to have at least iOS 9 on your iPhone if you want to activate this feature on your device.
If your smartphone is running iOS 8 and you still need to increase your iPhone protection, use an alphanumeric code instead. This option allows you to protect your iPhone with a passcode using number and letters.
By using this option and more than eight letters and numbers, you can be sure that the passcode cannot be hacked or guessed as long you don’t use an obvious combination. To activate it, go to
Select Passcode, choose
Custom Alphanumeric Code and add your new credentials. Make sure you remember your passcode to prevent losing your data!
3. Deactivate Control Center access
If you lose your smartphone and you have "Find my iPhone" active your data is still at risk. As long as the potential pickpocket can switch your iPhone’s settings to Airplane Mode, you run the risk of losing control of your remotely controlled device.
The best protection is to ensure Control Center can’t be accessed from the lock screen. To deactivate access from the lock screen, go to
Control Center then use the switch to deactivate
Lock Screen access.
4. Disable Siri’s access to lock screen features
Siri is one of the most appreciated features in iOS, and is expected to grow into a more intuitive AI assistant, with Apple’s recent decision to hire its first director of AI. Currently, in terms of security, the assistant has weak points. Discovered in iOS 9, this simple exploit could make your iPhone accessible even if a hacker doesn’t know the passcode. By using Siri, he could eventually gain access to sensitive data.
To prevent bypassing the passcode you need to make sure that Siri’s settings don’t allow access to your private data. Go to
Settings then select
Touch ID & Passcode. Choose
Allow Access When Locked and turn off
Reply with iMessages. This is similar to disabling access to Control Center from your lock screen.
5. Decrease the time until the iPhone locks itself
iPhones get snatched on the street every now and then. When that happens, the iPhone is usually unlocked, and the thief will have access to everything.
To prevent this, use a shorter time interval for automatic iPhone locking. To decrease the number of seconds until the phone lockscreen is activated you need to change the Auto-Lock timer’s settings.
To do this go on
Auto lock. At this point you can adjust the time available until the iPhone is blocked. The shortest interval of time is 30 seconds (
Immediately). Activate this option and confirm the action. Then go to the
Passcode & Touch ID settings and decrease the time interval until the passcode is required.
6. Remove notifications from iPhone’s screen
Even locked, an iPhone still shows various notifications, accessible to anyone else, as long as they have access to your device. Email and iMessages are displayed on the screen even if the passcode is active and the phone is locked. You can prevent any people seeing your data by hiding notifications from the lock screen.
Repeat these steps for each application installed. Access your iPhone’s
Settings, go to
Notifications and select the app from you need to hide notifications for. Once selected, deactivate both
Show on Lock Screen and
Show Previews then confirm the action. Go to all your sensitive apps and repeat the same steps. Alternately, just disable
Show Previews to hide message content.
By changing your iPhone lockscreen’s default settings, you can increase the security of your device. Even so, these methods are not infallible and there are ways to improve the security and data protection of the iPhone. For your peace of mind, we strongly recommend you activate 2FA on your iCloud account and make sure that you have iCloud Backups enabled.