Pierluigi Paganini June 24, 2018

A security researcher has devised a method to brute force a passcode on every Apple iPhone or iPad, even the up-to-date ones.

Since iOS 8 rolled out in 2014, iPhone and iPad devices are protected with encryption, without providing passcode it is quite impossible to unlock the device.

If the user enters more than 10 times a wrong passcode, the Apple device is wiped.

Now the security researcher Matthew Hickey, co-founder of Hacker House, devised a technique to bypass the limitation of the number of wrong passcodes, even on the latest iOS version (iOS 11.3).

Apple IOS <= 12 Erase Data bypass, tested heavily with iOS11, brute force 4/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl – demo of the exploit in action.

— hackerfantastic.x (@hackerfantastic) June 22, 2018

Newer Apple devices implement a hardware-based component that’s isolated from the main processor to provide an extra layer of security, it is also used to keeps count of the number of wrong passcodes the user entered and gets slower at responding with each failed attempt.

Hickey explained that when an iPhone or iPad is plugged in, every keyboard input is managed by the device with the highest priority over other processes on the device.

“If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he told ZDNet.

If the attacker sends all the passcodes in one single string by enumerating each code from 0000 to 9999 with no spaces, the iOS gives the keyboard input routine priority over the device’s data-erasing feature. This implies that this trick works only after the device is booted up because there are more routines running.

The attack technique devised by Hickey can be effective against devices protected with six-digit passcodes, but it is slow, running about one passcode between three and five seconds each or over a hundred four-digit codes in an hour it would take weeks to unlock the device.

Hickey reported the bug to Apple but still hasn’t received any reply, he also published a video PoC of its attack.

https://vimeo.com/276506763

“I suspect others will find it — or have already found it,” Hickey said.

Apple is implementing a new feature dubbed USB Restricted Mode to improve the security of its device, it is going to lock down the iPhone’s data port to avoid unauthorized access, but experts observed that in this way password-cracking tools used by forensics experts will be no more effective.

Pierluigi Paganini

(Security Affairs – Apple, passcode)

[adrotate banner=”5″]

[adrotate banner=”13″]