A hacker devised a method to unlock any iPhone and iPad device [source: securityaffairs]
by CIRT Team
A security researcher has devised a method to brute force a passcode on every Apple iPhone or iPad, even the up-to-date ones.
Since iOS 8 rolled out in 2014, iPhone and iPad devices are protected with encryption, without providing passcode it is quite impossible to unlock the device.
If the user enters more than 10 times a wrong passcode, the Apple device is wiped.
Now the security researcher Matthew Hickey, co-founder of Hacker House, devised a technique to bypass the limitation of the number of wrong passcodes, even on the latest iOS version (iOS 11.3).
Newer Apple devices implement a hardware-based component that’s isolated from the main processor to provide an extra layer of security, it is also used to keeps count of the number of wrong passcodes the user entered and gets slower at responding with each failed attempt.
Hickey explained that when an iPhone or iPad is plugged in, every keyboard input is managed by the device with the highest priority over other processes on the device.
“If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he told ZDNet.
If the attacker sends all the passcodes in one single string by enumerating each code from 0000 to 9999 with no spaces, the iOS gives the keyboard input routine priority over the device’s data-erasing feature. This implies that this trick works only after the device is booted up because there are more routines running.
The attack technique devised by Hickey can be effective against devices protected with six-digit passcodes, but it is slow, running about one passcode between three and five seconds each or over a hundred four-digit codes in an hour it would take weeks to unlock the device.
For more, click here.