
Security researcher shows how to brute force iPhone passcodes [Video]

Update: In a statement, Apple has refuted this vulnerability and said it was not tested correctly by the security researcher:

https://twitter.com/reneritchie/status/1010680602708848641

According to a new report from ZDNet, security researcher Matthew Hickey has discovered a new way to bypass the passcode lock on any iOS device. Hickey claims that his brute force tactic works at least until iOS 11.3…

iOS offers a setting that, if enabled, wipes the device after 10 failed passcode attempts. Hickey’s tool, however, is able to bypass that requirement by sending the passcodes all at once, as opposed to one at a time.

Hickey found a way around that. He explained that when an iPhone or iPad is plugged in and a would-be hacker sends keyboard inputs, it triggers an interrupt request, which takes priority over anything else on the device.

“Instead of sending passcodes one at a time and waiting, send them all in one go,” he said. “If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he explained.

Essentially, an attacker would send all possible passcodes in one single attempt, which doesn’t give the software any breaks. Thus, the keyboard input takes priority over the wiping feature. Hickey’s method isn’t necessarily fast, with each passcode taking between three and five seconds to run.

His brute force method will also likely be affected by Apple’s upcoming USB Restricted Mode, which locks the Lightning port on an iOS device if it hasn’t been unlocked within the last hour.

Hickey emailed Apple details of the bug, but he said it was “not a difficult bug to identify.” A spokesperson for Apple did not immediately respond to a request for comment.

“I suspect others will find it — or have already found it,” he said.

What similarities Hickey’s method carries to tools like GrayKey is unclear, but GrayKey requires a standalone box and generally costs around $15,000. Grayshift, however, claims to have already defeated Apple’s new USB Restricted Mode in iOS 12.

[vimeo 276506763 w=1000 h=563]



Author: Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to chance@9to5mac.com