Alleged iOS 8 Passcode Bypass Appears to be Fake

By Robert Sorokanich on at

Over the weekend EverythingApplesPro claimed to have found a security vulnerability involving Apple's iOS 8 Touch ID and Passcode. After further testing, it has been determined that this is almost definitely just Touch ID registering the thumbprint on a hair trigger.

The process detailed in the video seems pretty simple but has a low success rate. Essentially, you ask Siri a question on the lock screen. For example, we used "What's the weather like tomorrow." As Siri's thinking up the answer, press the home button and swipe right and it appears slip past Apple's iOS 8 security defences.

The reason it takes so many tries, though, is that the phone appears to actually just be registering the home button press with Touch ID. In our testing, we were able to recreate the process with our own phones with Touch ID turned on; if others used our phones or if Touch ID was off, we couldn't.

So! While iOS 8.0.1 certainly had its issues, iOS 8.0.2 isn't as vulnerable as it might appear.