iPhone's Passcode can be Bypassed Through Brute-Force Attack without Erasing Data


A new bug detected in iOS devices up-to-date iPhones and iPads shows that 4/6 digit PIN’s can be bypassed with a brute force attack.
The data encrypted in your iPhone, iPad, or iPod touch devices are protected with a passcode and if the invalid passcode entered for 10 times, then the Operating system wipe’s all data from the phone.
Security Researcher Matthew Hickey found a possible way to bypass the security limits with the latest version iOS 11.3.
Hickey Explained ZDnet that when an iPhone or iPad is plugged in and if the hackers send keyboard inputs it would trigger an interrupt request that takes priority than any other request on the device.
He posted a video explaining how the attack works, the demonstration starts with an iPhone or iPad plugged in, with the device plugged in attackers can send keyboard inputs for entering passcode instead of tapping the device screen.
When the input received from the keyboard it would trigger an interrupt request that take’s priority than anything else happening in the device. If the attacker triggers a brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” Hickey explained.
Hickey reported to Apple about his findings, Apple spokesperson Michele Wyman said Saturday that “The recent report about a passcode bypass on iPhone was in error and a result of incorrect testing.”
He later tweeted “the pins don’t always go to the SEP in some instances, so although it “looks” like pins are being tested they aren’t always sent and so they don’t count, the devices register fewer counts than visible

Comments

Popular posts from this blog

2000 Deep Web Links

Educational Sities and More

Announcing STARTTLS everywhere: Securing HOP-TO-HOP Email Delivery