iPhone passcode hacked by security researcher

A security researcher found a way to hack into an updated iPhone using the brute force process of entering as many passcodes as possible.

Matthew Hickey, co-founder of cybersecurity firm Hacker House, discovered that by connecting the iPhone to a computer, hackers could bypass the device wipe feature from activating, according to a report by ZDNet.

iPhones have a “secure enclave” part that keeps track of how many wrong passcodes have been entered. After a certain number of tries, it wipes the device to protect the owner’s data.

Hickey stated that by having the iPhone connected to a computer, an interrupt request function gets triggered, which prioritizes every action coming from the connection over anything happening on the device.

He then sent a long string of possible passcodes numbered from 0000 to 9999 without spaces. The lack of spaces prevents the system from taking a break and allows all the thousands of tries to be processed. Hickey uploaded a video on Vimeo to demonstrate his discovery. The downside to this method lies in its speed.

Each passcode gets processed for around three to five seconds. A hundred four-digit passcodes would take around an hour. Six-digit passcodes, the default for iOS 11, would take weeks to crack.

On the other hand, this kind of attack may loose its effectiveness when iOS 12 rolls out. iOS 12 includes a feature called USB Restricted Mode, which limits the use of cables as purely for charging.  Alfred Bayle /ra

RELATED STORIES:

New ASUS laptop replaces trackpad with multi-function touchscreen

Mid-range Google Pixel phone may come out in 2019

2018 iPhones may get fast-charging USB-C adapters, cables

View comments

TAGS: Cybersecurity, Hacker, iPhone