New Security Bug in iPhone Lets Attackers Breach the Passcode

July 9, 2018

iphone bug bypass passcodeIt looks like Apple's devices, which have been considered the most secure in the world, are no longer living up to the expectation of being "unhackable". This month, researchers have reported another security flaw in iPhone that allows potential attackers to bypass the passcode and unlock the device without the owner's permission.

Matthew Hickey, who is a security researcher and a co-founder of the cybersecurity company Hacker House, has discovered a new way to breach an iPhone's passcode and access stored data, whereby his method is working on all devices running any iOS version up to 11.3. The trick includes avoiding the 10-time limit of attempts to unlock an iPhone with a wrong passcode after which the device could be set up to delete all data. That is practically giving the hacker the possibility to try as many times as necessary when trying to brute force the iOS device. Hickey also points out that his method does not require any advanced techniques, supposedly, all that is needed is a turned-on iPhone and a lighting cable.

Hickey demonstrates his proof of concept in a video. There, the researcher shows that when an iPhone, or an iPad, is plugged in, a potential attacker could send keyboard inputs to the device. This way, an interrupt request is triggered, and the execution of it takes priority over any other running process on the device. That allows a hacker to send the possible passcodes in one long string containing all code combinations with no spaces, instead of inserting the codes one by one. Hickey claims that then the iPhone will process all passcodes without taking any waiting time and bypass the erase data feature after the 10th wrong input. According to the researcher, the method works for both 4-and 6-digit passcode, however, depending on how complex the code is, it might take between a few seconds and a few weeks to find the matching passcode.

Apple has been informed about the issue, and after several requests for comment, the company's spokesman Michele Wyman has said that Hickey's report is "in error and the result of incorrect testing." Yet, Wyman does not provide any further explanations. In September this year, Apple is rolling out a new feature called USB Restricted Mode which will be available through the company's iOS 12 update. This new feature is supposed to block USB connections if the device has not been unlocked after one hour, yet it is still not clear if that will prevent the hack demonstrated by Hickey.

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 7 + 4 ?