Simple method bypasses an iPhone's passcode limit allowing you to unlock the device



In order to prevent a locked Apple iPhone from being opened by a hacker, Apple allows users to choose a four or six digit passcode. And to further protect the passcode from being discovered, after ten incorrect attempts to punch in the correct digits, the iPhone will automatically be wiped and the information inside is gone forever. Now, a security researcher named Matthew Hickey has discovered a way to bypass the passcode limit allowing him to try as many different passcode combinations as he wants, even on iOS 11.3.

All that is required for the hack is a locked iPhone turned on, and a Lightning cable. When a user starts punching in passcodes trying to unlock the device, a part of the hardware called the secure enclave keeps track of the number of attempts that have been made, and is slower to respond with each incorrect entry. Getting around this is actually easy with the use of a brute force attack. Instead of entering passcodes one at a time and waiting after each entry, Hickey says you should send your entries in one very long string of inputs. Doing this will bypass the passcode limit and the phone will process all of your passcode entries.

All four-digit codes from 0000 to 9999 should be sent with no spaces. When an iPhone is plugged in, keyboard input has precedence over the phone's passcode limit feature. Thus, using this brute force attack results in the handset working on the strong of four-digit passcodes you've inputted and unlocking the phone before the device is wiped. Time, however, is an issue. Because the iPhone takes three to five seconds to process each passcode, it would take an hour to go through just 100 different passcodes. And while this method will also work with six-digit passcodes by running all of the possibilities between 000000 and 999999 at one time, it would take weeks for the iPhone to complete the task. If you've got enough time to test this out, remember that the iPhone you're cracking open must be plugged in.

Earlier this month, we told you that on iOS 12, Apple's USB Restricted Mode will prevent the proprietary Lightning USB port on the iPhone from being used to communicate with other devices if the phone has not been unlocked within the past hour. That will prevent cracking machines like the GrayKey from using the Lightning port to disable the passcode limit on an iPhone. But Grayshift, the company behind the GrayKey, says that it has been able to defeat the USB Restricted mode. If true, that puts the ball back in Apple's court as each side works hard to stay one step ahead of the other.

The USB Restricted Mode does limit the time that someone has to employ Hickey's brute force hack. With iOS 12, you must enter the string of passcodes before an hour passes since the last time that the phone was unlocked. While that doesn't make it impossible to use the hack with iOS 12, it does complicate things a great deal.

Meanwhile, you can check out a video showing Hickey's brute force hack by clicking on the clip found at the top of this article.

source: ZDNet

FEATURED VIDEO

71 Comments

1. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

You call that simple, mate?

3. IT-Engineer

Posts: 542; Member since: Feb 26, 2015

To some yes, very simple. But the moral of the story her is whether your in iOS or Android or any other platform, it's hackable. If it's made by man, it can be broken by man.

5. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

To some like the guy in video, yes. To everyone, no.

14. izim1

Posts: 1598; Member since: Feb 04, 2013

You set the bar, huh? If it isn't simple to you, then it must not be simple to most others. Classic "im the standard" mentality... just because you dont get it, it doesnt mean this method isn't relatively simple. It very much is.

16. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

If it was simple, why didn't you do it first? Stop acting like an idiot, you're better than that.

22. Back_from_beyond

Posts: 1418; Member since: Sep 04, 2015

Believe it or not, the vast majority don't give a damn about hacking an iOS device. The fact it's relatively simple to execute, just means that even someone like you should be able to do it if he wanted to. But considering your primary motivation on here is to worship anything Apple does and stick your head in the sand about anything that negatively affects Apple, maybe calling you simple is giving you too much praise.

24. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

Stop watching movies on hacking, kid. It ain't as easy as shown in movies. Yeah relatively easy to execute must be the reason why FBI asked for Apple's help. Or maybe you're just more intelligent than FBI who knows

26. izim1

Posts: 1598; Member since: Feb 04, 2013

Wiping your rear end is a simple task. Did you know how to do it since birth, or did you have to be taught? If you had to be taught, does that mean it isnt simple, for you?

29. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

What a stupid arument! Everybody wipe their asses but not everyone is a hacker.

34. actorno1

Posts: 4; Member since: Jun 23, 2018

Not everyone wipes lol, some wash too :P

30. tedkord

Posts: 17356; Member since: Jun 17, 2009

He didn't say it was simple to discover, just simple to do once you know how.

47. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Well I wouldn't put it past iFans to assume everyone is the same as them. That's what their whole platform is about, conformity and obedience. He may as well be the standard of intelligence in the iFan camp, they usually are all that dumb.

49. kiko007

Posts: 7493; Member since: Feb 17, 2016

Way to generalize, asshat. Damn shame somebody let you procreate... real tragedy for the species as a whole.

50. Finalflash

Posts: 4063; Member since: Jul 23, 2013

"Real tragedy for the species as a whole" Classic iFan, speaking for the whole species. Always pushing their conformity and pretending everyone is the same as them.

52. kiko007

Posts: 7493; Member since: Feb 17, 2016

Yes, because you're totally above being an ordinary petty human of below average intelligence. /s Can you blame me for not wanting more people like you around? You offer nothing aside from spite, which might I add isn't very useful. We get it "ifans" annoying you... no need to demean an entire subsection of the populous just because you despise Apple's business model.

36. sissy246

Posts: 7110; Member since: Mar 04, 2015

True, you or I wouldn't have thought of this or anyone on this site more then likely but, this guy just showed the whole world with his video. A lot of people do need to stop thinking iPhones and Android phones are unhackable because they are not. Someone will always find a way and this guy once again provided it.

38. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

Still they all acting like they're the biggest hackers

39. sissy246

Posts: 7110; Member since: Mar 04, 2015

I agree Not a one of them would have thought of this. Now that it is shown it's really not that hard.

42. Back_from_beyond

Posts: 1418; Member since: Sep 04, 2015

And you're still crying like a baby...

17. zacsaturday

Posts: 262; Member since: May 09, 2014

How is it not; plug in keyboard, create macro on keyboard to input numbers from 0 to 9999(+99 for 6 digits obviously) (so you would need a QMK keyboard, so you can program a macro in), and activate the macro. Simples

18. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

Simple yet it didn't strike your mind.

25. AngelicusMaximus

Posts: 688; Member since: Dec 20, 2017

It's time to stop commenting. Just take your L.

28. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

Make me stop, can you? Nah you can't do s**t

31. tedkord

Posts: 17356; Member since: Jun 17, 2009

Please don't. You're amusing.

33. NateDiaz

Posts: 1088; Member since: Mar 03, 2018

I know you find things amazing when they go over your head.

45. tedkord

Posts: 17356; Member since: Jun 17, 2009

There's nothing amazing about you. Just amusing.

48. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Cause he wasn't trying to hack iPhones for a living. Thing is, everyone in the business of hacking iPhones has known about this, this guy just made it public. That's how greyboxes work and it's easy to reverse their process and find out how they're doing it, which is probably what this guy did.

57. claustrophobic

Posts: 2; Member since: Jun 23, 2018

Lol Natediaz you must be stupid

66. Mr.Pussy

Posts: 348; Member since: Feb 16, 2017

It was made for iPhone users. iPhone are for simple people(idiots) if you can't remember your passcode this is their next steps. See it's very simple.

2. damonarena

Posts: 47; Member since: Apr 30, 2018

everything is hackable except an iris scanner

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.