Apple Refutes Hacker's Claim of 'Brute Force' Passcode Vulnerability in iOS

Apple touts its iPhone and iPads to exist highly secure and difficult to break into, only these bold claims were recently challenged past security researcher Matthew Hickey. He took to Twitter to detail a 'animal forcefulness' method that reportedly bypassed an iOS passcode on any upwards-to-date iPhone or iPad.

Hickey, who's also the co-founder of cybersecurity firm Hacker House, demonstrated the whole brute strength hack procedure on video. Information technology showed him transmitting passcodes over the lightning cable to a locked iOS device, running the latest iOS 11.iii software.

This mechanism inputs all possible 4/ 6-digit combinations without spaces, thus, bypassing the security limits placed on Apple devices. Instead of erasing the content on ten wrong tries, the hacker found a way to trigger an interrupt request, which takes priority over all other requests on iOS. Hickey explains,

Instead of sending passcode ane at a time and waiting, transport them all in one become. If you lot ship your fauna-forcefulness assault in ane long cord of inputs, it'll process all of them, and bypass the erase data feature.

Apple IOS <= 12 Erase Information featherbed, tested heavily with iOS11, animal force iv/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl – demo of the exploit in action.

— Hacker Fantastic (@hackerfantastic) June 22, 2018

In a statement received past the AppleInsider, Apple spokesperson Michele Wyman stated that Hickey'due south claims were erroneous and disputed the issue by adding that"the recent written report about a passcode bypass on iPhone was in mistake and a result of incorrect testing."

This was accompanied by a tweet from Hickey, who may or may not take contacted the Cupertino giant. He added to his original assertion saying that the potential 'brute force' hack may non work as initially imagined by him. He further adds that non all passcodes are sent to the secure enclave on an iOS device, so the counter registers fewer counts than a number visible to united states of america – while too existence shown equally being tested.

It seems @i0n1c maybe right, the pins don't always goto the SEP in some instances (due to pocket dialing / overly fast inputs) so although it "looks" similar pins are being tested they aren't e'er sent and so they don't count, the devices register less counts than visible @Apple

— Hacker Fantastic (@hackerfantastic) June 23, 2018

Hickey finally concludes that he will continue to examine the purported hack every bit the same hasn't been replicated by anyone else just yet. But, all this hubbub may shortly come to an end as Apple tree is now looking to render lightning ports useless once the device isn't constitute to have been unlocked in the by hour. This feature is nether testing on iOS xi.four, as well every bit iOS 12, and then we can wait to meet it very soon.

Source: https://beebom.com/apple-refutes-hackers-claim-of-brute-force-passcode-vulnerability-in-ios-devices/

Posted by: raydompen.blogspot.com

Share this post