New Bug Allows iPhone Passcode to be Hacked [source: interestingengineering]

Apple pushed back on the researcher’s demonstration calling the method an error. The company was proven to be correct when the expert double-checked his testing.

A security researcher took to his Twitter account on Friday to reveal a bug on iOS devices that can allow passcodes to be bypassed through a brute force attack. The video demonstration caused Apple to push back calling the finding an “error.”

A disabling interrupt request

Co-founder of cybersecurity firm Hacker House Matthew Hickey posted a video where he exhibited a method that allowed him to enter an unlimited number of passcodes even on the latest version of iOS 11.3. Under normal circumstances, the device is set to delete all its contents after ten faulty tries.

However, Hickey found that, if an iPhone or iPad was plugged in, any keyboard input would trigger a dangerous and disabling interrupt request. This, according to the expert, meant that sending a bunch of passcodes at once could bypass the erase feature.

“Instead of sending passcode one at a time and waiting, send them all in one go. If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he explained.

For more, click here.