
Hacker bypasses iOS passcode and it's surprisingly easy
25 June 2018 IST

Passcodes have pretty much become the standard security measure of choice for most iPhone users. Even in the presence of more advanced biometric solutions, like Face ID, the sheer convenience and approachability of a four-digit, six-digit or even longer number makes it the ideal fallback security measure. The way it works on iOS is simple, yet efficient: you get a total of 10 attempts to enter the code. Fail all of them and the data will get automatically wiped, for security. The number of input attempts is tracked by a hardware module, called the Secure Enclave, making it pretty much impossible to actually disable the limit or circumvent it directly. As an extra anti-brute-force measure, each consecutive PIN entry has a slightly longer processing time.

 
 

Now for the magic. The way this attack works is by attaching an external input device to the iPhone. One simulating a keyboard, to be exact. A hacker, going by the name "Hickey", figured out that instead of entering codes one by one and then waiting for validation, you can actually generate all the combinations in a single long string of inputs, without any spaces, and send it over to the phone. Apparently, iOS will still attempt to process all the numbers. The other part of the trick stems from the fact that the keyboard input takes precedence over the wipe data command. So, in effect, the Secure Enclave is still counting your failed attempts, but the actual wipe can't occur before the phone is finished processing the inputs. That means that if you iterate through all the possible combinations, you will eventually unlock the phone and cancel out the wipe command.
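The design flaw described above, reduced to a toy model (an added example, not code from the article, from Hickey or from iOS): a limiter that defers the wipe until queued input is drained, next to one that enforces the limit before every check. `ToyDevice`, `feed` and `run_demo` are hypothetical names, and the guess list is constructed sample input.

```python
from collections import deque

MAX_ATTEMPTS = 10  # attempt limit stated in the article


class ToyDevice:
    """Toy model of a passcode limiter; not iOS or Secure Enclave code."""

    def __init__(self, passcode, enforce_inline):
        self.passcode = passcode
        self.enforce_inline = enforce_inline
        self.failed = 0      # failed attempts are counted in both variants
        self.checked = 0     # guesses that were actually validated
        self.unlocked = False
        self.wiped = False

    def _check(self, guess):
        self.checked += 1
        if guess == self.passcode:
            self.unlocked = True
        else:
            self.failed += 1

    def feed(self, guesses):
        """Process one burst of queued keyboard input."""
        queue = deque(guesses)
        while queue and not self.unlocked:
            if self.enforce_inline and self.failed >= MAX_ATTEMPTS:
                # Hardened: the limit gates every validation, and the
                # rest of the queued input is discarded.
                queue.clear()
                self.wiped = True
                break
            self._check(queue.popleft())
        # Flawed: the wipe is only considered after the queue is empty,
        # so a late correct guess cancels it.
        if not self.unlocked and self.failed >= MAX_ATTEMPTS:
            self.wiped = True
        return self.unlocked, self.wiped, self.checked


def run_demo(enforce_inline):
    # Constructed sample input: 50 sequential guesses, passcode is the 43rd.
    guesses = [f"{n:04d}" for n in range(50)]
    return ToyDevice("0042", enforce_inline).feed(guesses)


if __name__ == "__main__":
    print("deferred wipe:", run_demo(False))
    print("inline limit: ", run_demo(True))
```

In the deferred variant the counter passes 10 long before the matching guess, yet the wipe never fires; with the inline check, validation stops at the tenth failure regardless of how much input is still queued.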
 
 
Now, "eventually" is the operative word here. A four-digit passcode typically takes between three and five seconds to process. That roughly equals an hour for just 100 combinations. And you do have 9999 to go through, in the worst-case scenario. Things ramp up quickly with six-digit codes, which is now the default length on iOS. Still, it is interesting to see that this particular brute-force attack has been executed successfully even on iOS 11.3.

 
 

That being said, Apple hasn't remained oblivious to such issues, since this is far from the only method for circumventing iPhone security out there. Companies like Grayshift have actually constructed an entire business model based on such activities. To combat this, iOS 12 has what is known as USB Restricted Mode. It prevents the Lightning port from being used to communicate with other devices if the phone hasn't been unlocked for over an hour. That makes using methods like Hickey's brute-force attack a lot harder, but definitely not infeasible.

 
 
 
 
 
