Hacker bypasses iOS passcode and it's surprisingly easy
Monday, June 25, 2018 IST
Passcodes have pretty much become the standard security measure of choice for most iPhone users. Even in the presence of more advanced biometric solutions, like Face ID, the sheer convenience and approachability of a four, six or even longer digit number, makes it the ideal fallback security measure. The way it works on iOS is simple, yet efficient - you get a total of 10 attempts to enter the code. Fail all of them and the data will get automatically wiped, for security. The number of input attempts is tracked by a hardware module, called the Secure Enclave, making it pretty impossible to actually disable the limit or circumvent it directly. As an extra any brute-force measure, each consecutive pin entry has a slightly longer processing time.
Now for the magic. The way this attack works is by attaching an external input device to the iPhone. One simulation a keyboard, to be exact. A hacker, going by the name "Hickey", figured out that instead of entering codes one by one and then waiting for a validation, you can actually generate all the combinations in a single long string of inputs, without any spaces and send it over to the phone. Apparently, iOS will still attempt to process all the numbers. The other part of the trick stems from the fact that the keyboard input takes precedence over the wipe data command. So, in effect, the Secure Enclave is still counting your failed attempts, but the actual wipe can't occur before the phone is finished processing the inputs. That means that if you iterate through all the possible combinations, you will eventually unlock and cancel out the wipe command.
Now, "eventually" is the operative word here. A four digit passcode typically takes between three and five seconds to process. That roughly equals an hour for just 100 combinations. And you do have 9999 to go through, in the worst case scenario. Things ramp up quickly with six digit codes - which is now the default length on iOS. Still, it is interesting to see that particular brute force attack has been executed successfully even on iOS 11.3.
That being said, Apple hasn't remained oblivious to such issues, since this is far from the only method for circumventing iPhone security out there. Companies, like Grayshift have actually constructed an entire business model, based on such activities. To combat this, iOS 12 has, what is know as a USB Restricted Mode. It prevents the Lightning port from being used to communicate with other devices, if the phone hasn’t been unlocked for over an hour. That makes using methods, like Hickey's brute force attack a lot harder, but definitely not infeasible.
Related Topics
Related News & Articles
Mahindra has been keeping itself quite busy lately. The company recently launched the Marazzo MPV and will bring the next-gen Rexton SUV soon, though with the Mah...
Recently posted . 1K views . 6 min read
The 1,500 kg bus can accommodate up to 15 people and can be used inside closed campuses. The on-road version will come later
Recently posted . 948 views . 1 min read
You think you’ve heard everything sometimes, but then you hear something that blows your mind all over again. Today is one of those days. Forget protective co...
Recently posted . 710 views . 3 min read
A class action lawsuit has been filed against Apple in a federal court in California for allegedly using a flawed keyboard design in its MacBook variants since 20...
Recently posted . 779 views . 2 min read
As smart devices have become ubiquitous in our lives, people are becoming increasingly concerned about the privacy implications of the technology.
Recently posted . 817 views . 1 min read
Trending News & Articles
Rolls Royce cars are extremely luxurious. While there are many expensive pieces of equipment in Rolls Royce cars, their most relaxing feature is the silence that ...
Recently posted . 3K views . 2 min read
The following list of India's Top 5 Mobile Charger manufacture Brand 2019
Recently posted . 3K views . 0 min read
View Top 5 Mobile Chargers in India as on 08 Feb 2023. This rundown is compiled according t...
Recently posted . 3K views . 6 min read
XUV300 is the latest entrant in the compact SUV segment.
Recently posted . 3K views . 0 min read
More in Electronics & Gadgets
WhatsApp Pay will use the unified Payments Interface (UPI), a real-time payments system supported by more than 160 banks in India. While WhatsApp Pay had been avail...
Recently posted. 1K views . 2 min read
NEW DELHI: Starting next year, Maruti Suzuki’s bestsellers — Baleno compact and Vitara Brezza mini SUV — will sport a fresh name ...
Recently posted. 823 views . 2 min read
Blackberry Jarvis aims to help automakers with safety backups as they develop software required for self-driving cars.
Recently posted. 877 views . 1 min read
Recently posted . 1K views
Recently posted . 1K views
Recently posted . 2K views
Recently posted . 2K views
Recently posted . 1K views . 105 min read
Recently posted . 1K views . 68 min read
BENGALURU: Search engine giant Google will soon launch its ‘Shopping’ tab in India, allowing users to search for products to buy and di...
Recently posted. 827 views . 2 min read
As the arrival date for the PlayStation 5 draws closer, there has been more information than usual. A few days ago, there were reports that the official slogan of t...
Recently posted. 883 views . 5 min read