Apple says researcher is wrong and the iPhone is not vulnerable to his brute force attack

Apple says researcher is wrong and the iPhone is not vulnerable to his brute force attack
Just yesterday, we told you about a way to get around the Apple iPhone's ten passcode attempt limit. Once you fail to open an iPhone after ten cracks at tapping in the correct passcode, the device is automatically wiped. This is done to prevent hackers from obtaining personal information stored in the handset. A researcher named Matthew Hickey said when an iPhone running iOS 11 is plugged in, keyboard input has precedence over the phone's passcode limit feature, which allowed him to design a method using brute force to open an iPhone.

With this in mind, Hickey said that trying all possible four-digit combinations from 0000 to 9999 in one string, and six-digit combinations from 000000 to 999999 in one string, would unlock a plugged in iPhone before it wiped all of the data. Hickey even made a video of the process.

Apple has responded by calling Hickey's claims "erroneous." And support for the company's comments comes from a surprising source, the researcher himself. A new tweet from Hickey said, "the pins don't always goto the SEP in some instances (due to pocket dialing / overly fast inputs) so although it "looks" like pins are being tested they aren't always sent and so they don't count, the devices register less counts than visible." In other words, not all of the passcodes are actually being registered when sent in a long string. No third parties have been able to duplicate Hickey's original claim.

Apple is looking to batten down the hatches with iOS 12. The new build's USB Restricted Mode will prevent the Lighting port on an iPhone from communicating with other devices if that specific iPhone is not unlocked (using the correct passcode) within the last hour. Apple originally designed this feature to prevent cracking machines like the GrayKey from using an iPhone's Lightning port to disable the ten passcode attempt limit. The company behind that machine, Grayshift, says it has already figured out a way to defeat iOS 12's USB Restricted Mode.


FEATURED VIDEO

11 Comments

1. IT-Engineer

Posts: 545; Member since: Feb 26, 2015

Well why didn't the researcher say so from the first place? That not all codes get sent !

2. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

Hmm let's see. Apple. Apple. Oh, did I forget? Apple! No one makes money with Android. You mention Apple and droves of robots flood the website articles lol. It puts dinner on the authors table.

8. Vokilam

Posts: 1201; Member since: Mar 15, 2018

But everyone has a chance to make money building phones with android. Fat chance for that happening with iOS - Apple doesn’t share.

3. cncrim

Posts: 1588; Member since: Aug 15, 2011

Maybe a the guy just out of college and trying to impress to the world or his employer he is smart..... and premature discovery?

5. piyath

Posts: 2445; Member since: Mar 23, 2012

This must be so embarrassing for him to admit that he was wrong....huh Maybe he is just another stupid Apple hater like Louise Rossman

9. gigicoaste

Posts: 456; Member since: Feb 21, 2016

as is for Apple the their device is hackable, right? I mean, why they will admit it? Remember how all the issues they had, were not admitted but later on quietly fixed? Same will be with this one. I know it's a nonsense to reply to you, since you cannot think objectively, but I had to state it. :) People like you are so funny, following in blind a company although they receive zero benefit.

4. darkkjedii

Posts: 31055; Member since: Feb 05, 2011

Only one way to find out.

7. Vokilam

Posts: 1201; Member since: Mar 15, 2018

So hold up, this still works, it just skips a few pins as it runs, at random as I understand. So why not type out two identical strings or even three sets of same stings. So if it misses a PIN the first time it will hit it on second or third during the simultaneous run. Or am I not getting this right?

10. Back_from_beyond

Posts: 1421; Member since: Sep 04, 2015

That's exactly what it seems to say.

11. SIGPRO

Posts: 2817; Member since: Oct 03, 2012

apple ignorant as always! Hope this researcher flushes cr@pple!

12. thedizzle

Posts: 197; Member since: Oct 05, 2017

"You're cracking it wrong"

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.