Security Researcher Finds Brute Force Exploit to Bypass Apple iOS Passcodes
- A security researcher has discovered an exploit which can bypass iOS passcodes on iPhones and iPads by exploiting the OS’ security mechanisms.
- The passcode feature has been a part of iOS since 2014, and it works via a four or six-digit numeric passcode which made it nearly impossible for iOS devices to be broken into.
- The security researcher from Hacker House found a way to bypass the number of times an incorrect passcode can be entered, allowing him to run all combinations and unlock any iOS device.
A security researcher from cybersecurity firm Hacker House has managed to bypass the Apple iOS security passcode feature and get access to an iPad or iPhone. The exploit works even on iOS 11.3, which is the newest available iteration of the OS. The passcode feature has been around on iOS devices since 2014 and was debuted on iOS 8. Unlike most other digital devices that employ a passcode security feature, an iPhone or iPad makes use of both hardware and software making it nearly impossible for anyone to break into the devices.
Security researcher Matthew Hickey revealed that all a user needs are an iPhone or iPad and an Apple Lightning cable. The exploit manages to bypass the 10-attempt limit after which iOS devices hard reset themselves. The exploit can allow anyone to input unlimited passcodes until the correct one is found. A Brute Force attack can simply send a long string of inputs to the device with all the possible 4 and 6-digit passcodes, eventually breaking open the device.
https://vimeo.com/276506763
Hickey explained that instead of sending the passcodes to the devices one by one, sending all of them at one go can bypass the auto-reset feature. He published a video to demonstrate the exploit and believes that it is quite likely that others know about the exploit as well.
The exploit will not be possible once iOS 12 launches as it includes a USB-restricted mode that prevents data access via USB unless the device is unlocked. Apple has not yet responded to the security researcher who emailed the company about his findings, but a patch is likely to be issued in the near future.
What do you think of the passcode exploit? Do you think Apple will release a security patch for it before iOS 12 comes out? Let us know in the comments below. Get instant updates on TechNadu’s Facebook page, or Twitter handle.