Hacker bypasses iOS passcode and it's surprisingly easy
Monday, June 25, 2018 IST
Passcodes have pretty much become the standard security measure of choice for most iPhone users. Even in the presence of more advanced biometric solutions, like Face ID, the sheer convenience and approachability of a four-digit, six-digit or even longer number makes it the ideal fallback security measure. The way it works on iOS is simple, yet efficient - you get a total of 10 attempts to enter the code. Fail all of them and the data is automatically wiped, for security. The number of input attempts is tracked by a hardware module, called the Secure Enclave, making it pretty much impossible to disable the limit or circumvent it directly. As an extra anti-brute-force measure, each consecutive PIN entry has a slightly longer processing time.
Now for the magic. The way this attack works is by attaching an external input device to the iPhone - one simulating a keyboard, to be exact. A hacker, going by the name "Hickey", figured out that instead of entering codes one by one and then waiting for validation, you can actually generate all the combinations as a single long string of inputs, without any spaces, and send it over to the phone. Apparently, iOS will still attempt to process all the numbers. The other part of the trick stems from the fact that keyboard input takes precedence over the wipe data command. So, in effect, the Secure Enclave is still counting your failed attempts, but the actual wipe can't occur before the phone has finished processing the inputs. That means that if you iterate through all the possible combinations, you will eventually unlock the phone and cancel out the wipe command.

Now, "eventually" is the operative word here. A four-digit passcode typically takes between three and five seconds to process. That roughly equals an hour for just 100 combinations. And you do have 9999 to go through, in the worst-case scenario. Things ramp up quickly with six-digit codes - which is now the default length on iOS. Still, it is interesting to see that this particular brute-force attack has been executed successfully even on iOS 11.3.
That being said, Apple hasn't remained oblivious to such issues, since this is far from the only method for circumventing iPhone security out there. Companies like Grayshift have actually constructed an entire business model based on such activities. To combat this, iOS 12 has what is known as USB Restricted Mode. It prevents the Lightning port from being used to communicate with other devices if the phone hasn't been unlocked for over an hour. That makes using methods like Hickey's brute-force attack a lot harder, but definitely not infeasible.