Apple Refutes Hacker’s Claim of ‘Brute Force’ Passcode Vulnerability in iOS

How to Temporarily Disable Touch ID in iOS 11

Apple touts its iPhone and iPads to be highly secure and difficult to break into, but these bold claims were recently challenged by security researcher Matthew Hickey. He took to Twitter to detail a ‘brute force’ method that reportedly bypassed an iOS passcode on any up-to-date iPhone or iPad.

Hickey, who’s also the co-founder of cybersecurity firm Hacker House, demonstrated the whole brute force hack process on video. It showed him transmitting passcodes over the lightning cable to a locked iOS device, running the latest iOS 11.3 software.

This mechanism inputs all possible 4/ 6-digit combinations without spaces, thus, bypassing the security limits placed on Apple devices. Instead of erasing the content on ten wrong tries, the hacker found a way to trigger an interrupt request, which takes priority over all other requests on iOS. Hickey explains,

Instead of sending passcode one at a time and waiting, send them all in one go. If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature.

In a statement received by the AppleInsider, Apple spokesperson Michele Wyman stated that Hickey’s claims were erroneous and disputed the issue by adding that “the recent report about a passcode bypass on iPhone was in error and a result of incorrect testing.”

This was accompanied by a tweet from Hickey, who may or may not have contacted the Cupertino giant. He added to his original assertion saying that the potential ‘brute force’ hack may not work as initially imagined by him. He further adds that not all passcodes are sent to the secure enclave on an iOS device, so the counter registers fewer counts than a number visible to us – while also being shown as being tested.

Hickey finally concludes that he will continue to examine the purported hack as the same hasn’t been replicated by anyone else just yet. But, all this hubbub may soon come to an end as Apple is now looking to render lightning ports useless once the device isn’t found to have been unlocked in the past hour. This feature is under testing on iOS 11.4, as well as iOS 12, so we can expect to see it very soon.

VIA Apple Insider
comment Comments 0
Leave a Reply