Hacker bypasses iOS passcode and it's surprisingly easy

Apple logoPasscodes have pretty much become the standard security measure of choice for most iPhone users. Even in the presence of more advanced biometric solutions, like Face ID, the sheer convenience and approachability of a four, six or even longer digit number, makes it the ideal fallback security measure. The way it works on iOS is simple, yet efficient - you get a total of 10 attempts to enter the code. Fail all of them and the data will get automatically wiped, for security. The number of input attempts is tracked by a hardware module, called the Secure Enclave, making it pretty impossible to actually disable the limit or circumvent it directly. As an extra any brute-force measure, each consecutive pin entry has a slightly longer processing time.

Now for the magic. The way this attack works is by attaching an external input device to the iPhone. One simulation a keyboard, to be exact. A hacker, going by the name "Hickey", figured out that instead of entering codes one by one and then waiting for a validation, you can actually generate all the combinations in a single long string of inputs, without any spaces and send it over to the phone. Apparently, iOS will still attempt to process all the numbers. The other part of the trick stems from the fact that the keyboard input takes precedence over the wipe data command. So, in effect, the Secure Enclave is still counting your failed attempts, but the actual wipe can't occur before the phone is finished processing the inputs. That means that if you iterate through all the possible combinations, you will eventually unlock and cancel out the wipe command.

Now, "eventually" is the operative word here. A four digit passcode typically takes between three and five seconds to process. That roughly equals an hour for just 100 combinations. And you do have 9999 to go through, in the worst case scenario. Things ramp up quickly with six digit codes - which is now the default length on iOS. Still, it is interesting to see that particular brute force attack has been executed successfully even on iOS 11.3.

That being said, Apple hasn't remained oblivious to such issues, since this is far from the only method for circumventing iPhone security out there. Companies, like Grayshift have actually constructed an entire business model, based on such activities. To combat this, iOS 12 has, what is know as a USB Restricted Mode. It prevents the Lightning port from being used to communicate with other devices, if the phone hasn’t been unlocked for over an hour. That makes using methods, like Hickey's brute force attack a lot harder, but definitely not infeasible.

Source: GSMArena

Tags: Apple, break, iOS, security

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
The new Samsung Family Hub 4.0 refrigerator will give you a smoother interface to use
 
Google has already shown a lot of love for gothic hues
 
The company leads with an interesting prediction
 
Sensor creator AMS can detect ambient light and human proximity from behind an OLED screen
 
The RTX 2060 is priced at $349 for the Founders Edition model
 
Apple Watch uses to identify the wearer and to help authenticate Apple Pay payments
 
The next OnePlus phone will make the switch from the current UFS 2.1 to 3.0
 
Ditching the 3.5mm headphone jack has been a growing trend in the industry
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
  12345
6789101112
13141516171819
20212223242526
2728293031  




Poll

Do you use microSD card with your phone?
or leave your own version in comments (13)