Security Researcher Has Found A Hack To Brute Force Locked iPhone’s Passcode On iOS 11 [Video]
Security Researcher Matthew Hickey has discovered a method of brute forcing a passcode on Apple’s iOS 11 platform which removes the entry-attempt restrictions and preserves the data on the device.
Regardless of your own personal platform preference, it’s hard to argue with the fact that Apple takes security extremely seriously. Especially when it comes to the preservation and security of data stored on that device.
You only need to look at the fact that multiple law enforcement agencies with cybersecurity divisions have found it nearly impossible to break into iPhones without requesting the assistance of Apple or actually having the owner of the device cooperate with investigations. However, with Hickey’s discovery, a would-be hacker would simply need an up to date iPhone and a Lightning cable.
Under normal circumstances, one of Apple’s iPhones would come with a passcode entry limit. This means that anyone with access to the device can only enter an incorrect code a limited number of times before the device is entirely locked and the data on it is entirely wiped in order to prevent it from getting into the wrong hands.
On newer devices, Apple’s Secure Enclave takes things to the next level and helps offer an even greater and more intelligent level of protection on the device. Hickey, who co-founder of a cybersecurity firm called Hacker House, has found a way to bypass that using a USB vulnerability:
Instead of sending passcodes one at a time and waiting, send them all in one go. If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature.
It seems that the hack works by sending all possible passcodes to the device, from 0000 to 9999, in one long string, forcing the iOS platform to iterate through each number in one process, therefore getting around the entry-attempt restrictions. This definitely will not be great news for Apple, which is currently trying to fight off the ability for a $15,000 unlocking tool to gain access to the company’s smartphones, which makes it a very valuable tool for law enforcement agencies like the FBI.
Check out a video of Hickey’s attack in action and see what you think of this very clever, but very scary method of brute forcing iOS 11 devices.
Hickey has already informed Apple about the problem and the company might be working on a fix for it as we speak.