Researcher finds way to bypass iOS passcode entry limit
Security researcher Matthew Hickey discovered a USB-based vulnerability that allows the lock screen passcode of iOS devices to be brute-forced. The iPhone passcode settings include the option “If you enter the wrong password ten times in a row, all data on this iPhone will erase.” Hickey’s method bypasses this restriction. “Instead of sending passcode one at a time and waiting, send them all in one go. If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he said. With an iPhone or iPad connected to a computer, an attacker can send every passcode attempt, 0000 to 9999, to the device in one go.
Apple IOS <= 12 Erase Data bypass, tested heavily with iOS11, brute force 4/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl – demo of the exploit in action.
— Hacker Fantastic (@hackerfantastic) June 22, 2018
The attack requires only a powered-on iPhone or iPad and a Lightning cable. In testing, devices running iOS 11.3 were not protected against this brute-force method. Hickey’s method takes 3-5 seconds per attempt at a 4-digit passcode and is not as advanced as the Grayshift black box cracking tool. If a 6-digit passcode is set on the iPhone, Hickey’s method may take several weeks to complete. The following is a demo video of the brute-force method.
Apple iOS “Erase data” UI glitch from Hacker Fantastic on Vimeo.
In iOS 12, Apple added a new USB Restricted Mode. The new feature will stop Hickey’s brute-force method and will also disable the Grayshift black box cracking tool. USB Restricted Mode is enabled by default in iOS 12: if the device has not been unlocked within the last hour, USB access is cut off.
Source: ZDNet