Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple disputes claims of iOS 'vulnerability' to brute force passcode hack

GrayKey forensic tool. | Source: MalwareBytes

Last updated

Apple on Saturday responded to reports suggesting a security researcher had discovered a simple to execute bypass to iOS passcode protections, saying the supposed vulnerability is in fact the result of erroneous testing.

On Friday, security researcher Matthew Hickey detailed a method of bypassing iPhone's built-in countermeasures to brute force passcode hacks.

Specifically, Hickey said sending passcodes en masse over Lightning to a locked iPhone or iPad triggers an interrupt request that takes precedent over other device operations. In such a scenario, a hacker would key in all possible passcode combinations enumerated from 0000 to 9999, or 000000 to 999999 in the case of a six-digit code, as one consecutive string without spaces.

Through this purportedly operable mechanism, Hickey said a nefarious user would be able to bypass Apple's secure enclave safeguards, including delays implemented between incorrect passcode inputs and an option to completely wipe stored device data after ten consecutive failed attempts.

Apple in a statement to AppleInsider said Hickey's claims are erroneous.

"The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing," Apple said.

The statement is seemingly backed up by a Twitter post by Hickey, who on Saturday amended his original assertions to explain the supposed hack might not function as initially thought.

"It seems @i0n1c maybe right, the pins don't always goto the SEP in some instances (due to pocket dialing / overly fast inputs) so although it 'looks' like pins are being tested they aren't always sent and so they don't count, the devices register less counts than visible," he said in a tweet.

Whether Apple communicated with Hickey is unknown, though the researcher on Friday said he recently contacted the company about the ostensible exploit.

Hickey continues to examine the issue, though his initial findings have yet to be replicated or validated by a third party.

In any case, Apple is looking to render all USB-related iPhone and iPad exploits obsolete with an upcoming software update this fall. The company's iOS 12 incorporates a new "USB Restricted Mode" that disables hardwired USB data connections if a correct passcode is not provided after a predetermined time period. In current beta iterations, that time window stands at one hour.

According to Apple, the new feature is designed to disrupt unwarranted iPhone access by hackers and governments that do not afford their citizens the same protections as U.S. laws.



42 Comments

backstab 138 comments · 11 Years

Kind of confusing. Is Apple suggesting that the guy is lying? Or was he, in fact, able to break into the phone; or not?
Which is it?

tmay 6456 comments · 11 Years

backstab said:
Kind of confusing. Is Apple suggesting that the guy is lying? Or was he, in fact, able to break into the phone; or not?
Which is it?

From the article, my reading comprehension has that the guy isn't lying, just that the result "was in error, and a result of incorrect testing" according to Apple. The fact that the initial findings havn't been able to be replicated or validated by a third party indicates that Apple appears to be correct.

addison 1002 comments · 23 Years

The Israelis have a device that they sell to governments that can access all iPhones including the X at will. In the Uk the police will just snoop your phoes if they wish to and no search warrent is required.

foggyhill 4767 comments · 10 Years

addison said:
The Israelis have a device that they sell to governments that can access all iPhones including the X at will. In the Uk the police will just snoop your phoes if they wish to and no search warrent is required.
it's not "at will", they have to fracking decap the god damn chip. Man, I'm tired of such crap.
And even there, if you have a wacky long passcode, how the hell would they get in that way.

All ways of getting in depend on bypassing the brute force restriction. The originality of the israeli method that used to work in older phones is that it also allows mirroring the device memory to allow cracking on another device. That can't happen in later phones. 

Put a god damn string of 3-4 imojis in your passcode and your set for a quasi eternal crack time for whoever gets your device.

capasicum 92 comments · 12 Years

backstab said:
Kind of confusing. Is Apple suggesting that the guy is lying? Or was he, in fact, able to break into the phone; or not?
Which is it?

The article is quite clear, actually. What happens is that when flooding the the device with PIN numbers, not every PIN is checked by the device. Some PINs are skipped, although it seems that all of them are checked. So, there is a non-zero probability that the correct PIN is skipped.