Hacker bypasses iOS passcode and it's surprisingly easy

Apple logoPasscodes have pretty much become the standard security measure of choice for most iPhone users. Even in the presence of more advanced biometric solutions, like Face ID, the sheer convenience and approachability of a four, six or even longer digit number, makes it the ideal fallback security measure. The way it works on iOS is simple, yet efficient - you get a total of 10 attempts to enter the code. Fail all of them and the data will get automatically wiped, for security. The number of input attempts is tracked by a hardware module, called the Secure Enclave, making it pretty impossible to actually disable the limit or circumvent it directly. As an extra any brute-force measure, each consecutive pin entry has a slightly longer processing time.

Now for the magic. The way this attack works is by attaching an external input device to the iPhone. One simulation a keyboard, to be exact. A hacker, going by the name "Hickey", figured out that instead of entering codes one by one and then waiting for a validation, you can actually generate all the combinations in a single long string of inputs, without any spaces and send it over to the phone. Apparently, iOS will still attempt to process all the numbers. The other part of the trick stems from the fact that the keyboard input takes precedence over the wipe data command. So, in effect, the Secure Enclave is still counting your failed attempts, but the actual wipe can't occur before the phone is finished processing the inputs. That means that if you iterate through all the possible combinations, you will eventually unlock and cancel out the wipe command.

Now, "eventually" is the operative word here. A four digit passcode typically takes between three and five seconds to process. That roughly equals an hour for just 100 combinations. And you do have 9999 to go through, in the worst case scenario. Things ramp up quickly with six digit codes - which is now the default length on iOS. Still, it is interesting to see that particular brute force attack has been executed successfully even on iOS 11.3.

That being said, Apple hasn't remained oblivious to such issues, since this is far from the only method for circumventing iPhone security out there. Companies, like Grayshift have actually constructed an entire business model, based on such activities. To combat this, iOS 12 has, what is know as a USB Restricted Mode. It prevents the Lightning port from being used to communicate with other devices, if the phone hasn’t been unlocked for over an hour. That makes using methods, like Hickey's brute force attack a lot harder, but definitely not infeasible.

Source: GSMArena

Tags: Apple, break, iOS, security

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
You can use a security key instead of having a code sent to your phone
 
Adobe says that the AI can now achieve the intended result in seconds
 
A new security protocol replacing the aging WPA2
 
Download and install at your own risk, of course
 
More iPhone parts likely to be produced by Samsung
 
Starting on Friday, video views on YouTube will start to be counted by the Official Charts Company
 
LG has already announced two new V-series members in 2018
 
The method is blocked and the hack doesn’t work, it adds
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
      1
2345678
9101112131415
16171819202122
23242526272829
30      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (11)