Hacker bypasses iOS passcode and it's surprisingly easy
Monday, June 25, 2018 IST
Passcodes have pretty much become the standard security measure of choice for most iPhone users. Even in the presence of more advanced biometric solutions, like Face ID, the sheer convenience and approachability of a four, six or even longer digit number, makes it the ideal fallback security measure. The way it works on iOS is simple, yet efficient - you get a total of 10 attempts to enter the code. Fail all of them and the data will get automatically wiped, for security. The number of input attempts is tracked by a hardware module, called the Secure Enclave, making it pretty impossible to actually disable the limit or circumvent it directly. As an extra any brute-force measure, each consecutive pin entry has a slightly longer processing time.
Now for the magic. The way this attack works is by attaching an external input device to the iPhone. One simulation a keyboard, to be exact. A hacker, going by the name "Hickey", figured out that instead of entering codes one by one and then waiting for a validation, you can actually generate all the combinations in a single long string of inputs, without any spaces and send it over to the phone. Apparently, iOS will still attempt to process all the numbers. The other part of the trick stems from the fact that the keyboard input takes precedence over the wipe data command. So, in effect, the Secure Enclave is still counting your failed attempts, but the actual wipe can't occur before the phone is finished processing the inputs. That means that if you iterate through all the possible combinations, you will eventually unlock and cancel out the wipe command.
Now, "eventually" is the operative word here. A four digit passcode typically takes between three and five seconds to process. That roughly equals an hour for just 100 combinations. And you do have 9999 to go through, in the worst case scenario. Things ramp up quickly with six digit codes - which is now the default length on iOS. Still, it is interesting to see that particular brute force attack has been executed successfully even on iOS 11.3.
That being said, Apple hasn't remained oblivious to such issues, since this is far from the only method for circumventing iPhone security out there. Companies, like Grayshift have actually constructed an entire business model, based on such activities. To combat this, iOS 12 has, what is know as a USB Restricted Mode. It prevents the Lightning port from being used to communicate with other devices, if the phone hasn’t been unlocked for over an hour. That makes using methods, like Hickey's brute force attack a lot harder, but definitely not infeasible.
Related Topics
Related News & Articles
It has already been over six months since various stakeholders have started working on the draft automobile policy, which envisages having a single nodal regulatory...
Recently posted . 908 views . 2 min read
HIGHLIGHTS
• Hotstar VIP offers access to Hotstar Specials and Star network serials
&bul...
Recently posted . 1K views . 3 min read
The Horizon Display on the Huawei Mate 30 Pro is curved at an 88° angle and covers up a significant portion of the sides of the phone. This obviously brings wor...
Recently posted . 737 views . 2 min read
Alongside the Centre’s push for a digital India, a number of begin-America have introduced generation merchandise and structures into areas u . s .&r...
Recently posted . 975 views . 45 min read
Homegrown e-commerce firm Myntra on Wednesday said it will tap 7,500 ‘kirana’ stores in the country to deliver packages faster during its 'End of ...
Recently posted . 932 views . 2 min read
Trending News & Articles
View Top 5 Mobile Chargers in India as on 08 Feb 2023. This rundown is compiled according t...
Recently posted . 5K views . 6 min read
The following list of India's Top 5 Mobile Charger manufacture Brand 2019
Recently posted . 3K views . 0 min read
Rolls Royce cars are extremely luxurious. While there are many expensive pieces of equipment in Rolls Royce cars, their most relaxing feature is the silence that ...
Recently posted . 3K views . 2 min read
XUV300 is the latest entrant in the compact SUV segment.
Recently posted . 3K views . 0 min read
More in Electronics & Gadgets
Like other portable projectors, you can use the Sony Xperia Touch to beam images up walls, tables, and other flat surfaces. Unlike them, you can interact with any i...
Recently posted. 827 views . 1 min read
The turbidity method is based upon a comparison of intensity of light scattered by a sample under defined conditions with the intensity of light scattered by a stan...
Recently posted. 1K views . 3 min read
NEW DELHI: India missed a golden opportunity to implement a fully computerised tax administration system way back in the late '70s as a propo...
Recently posted. 832 views . 1 min read
Recently posted . 1K views
Recently posted . 1K views
Recently posted . 2K views
Recently posted . 3K views
Recently posted . 2K views . 111 min read
Recently posted . 2K views . 256 min read
Solenoid valves are used to control the rate of flow in fluid and air powered tools, systems, and motors. Washing machines and gas boilers use these valves, as we...
Recently posted. 958 views . 3 min read
Her name is Sophia. She looks a bit like Audrey Hepburn and gives facial expressions while talking. She has an answer for every question. And she is the first robot...
Recently posted. 960 views . 13 min read