Security Researcher Matthew Hickey has discovered a method of brute forcing a passcode on Apple’s iOS 11 platform which removes the entry-attempt restrictions and preserves the data on the device.
Regardless of your own personal platform preference, it’s hard to argue with the fact that Apple takes security extremely seriously. Especially when it comes to the preservation and security of data stored on that device.
You only need to look at the fact that multiple law enforcement agencies with cybersecurity divisions have found it nearly impossible to break into iPhones without requesting the assistance of Apple or actually having the owner of the device cooperate with investigations. However, with Hickey’s discovery, a would-be hacker would simply need an up to date iPhone and a Lightning cable.
Under normal circumstances, one of Apple’s iPhones would come with a passcode entry limit. This means that anyone with access to the device can only enter an incorrect code a limited number of times before the device is entirely locked and the data on it is entirely wiped in order to prevent it from getting into the wrong hands.
On newer devices, Apple’s Secure Enclave takes things to the next level and helps offer an even greater and more intelligent level of protection on the device. Hickey, who co-founder of a cybersecurity firm called Hacker House, has found a way to bypass that using a USB vulnerability:
Instead of sending passcodes one at a time and waiting, send them all in one go. If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature.
It seems that the hack works by sending all possible passcodes to the device, from 0000 to 9999, in one long string, forcing the iOS platform to iterate through each number in one process, therefore getting around the entry-attempt restrictions. This definitely will not be great news for Apple, which is currently trying to fight off the ability for a $15,000 unlocking tool to gain access to the company’s smartphones, which makes it a very valuable tool for law enforcement agencies like the FBI.
Check out a video of Hickey’s attack in action and see what you think of this very clever, but very scary method of brute forcing iOS 11 devices.
https://vimeo.com/276506763
Hickey has already informed Apple about the problem and the company might be working on a fix for it as we speak.
(Via: ZDNet)
You may also like to check out:
- Kodi 18 Leia Alpha 2 APK Download For Android, IPA For iOS, Xbox One, Windows And Mac Released
- Download: iOS 12 Beta 2 IPSW Links, OTA Update Released
- 100+ iOS 12 Hidden Features For iPhone And iPad [Running List]
- Download iOS 12 Beta 2 Configuration Profile File Without Developer Account
- Download iOS 12 Beta 2 IPSW Links & Install On iPhone X, 8, 7, Plus, 6s, 6, SE, 5s, iPad, iPod [Tutorial]
- How To Downgrade iOS 12 Beta To iOS 11.4 [Tutorial]
You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.