iOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes
A vulnerability in Apple's iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the company's devices.
Any hacker equipped with the right knowledge and a Lightning cable can bypass iOS's passcode entry restriction and break into an iPhone or iPad, researcher Matthew Hickey has discovered.
Hickey, co-founder of Hacker House, found a means of bypassing systemwide encryption and secure enclaves that Apple introduced to block brute-force attacks. Secure enclaves, a hardware security measure built for cryptographic processes and biometric data protection, work with the newest iOS software to delay incorrect passcode attempts. The more times someone enters an incorrect passcode, the longer the iOS blocks future attempts to enter the device.
In a report on ZDNet, Hickey explains how an attacker can bypass this security restriction by connecting the device to a Lightning cable and entering one long string of passcodes via keyboard input. He later reported this works because not all tested passcodes are sent to the secure enclave. Even when 20 or more passcodes are entered, only four or five might be sent to the enclave for testing.
This type of attack may not be usable in iOS 12 when Apple rolls out USB Restricted Mode, a new security measure designed to prevent break-ins by turning the Lightning cable into a charge-only port if the device hasn't recently been unlocked. The update is a source of frustration for digital forensics firms like Grayshift, which claims to have defeated it.
Read more details here.
Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024