Brute force attack lets would-be hackers run as many passcodes as they want without destroying data, ZDNet reports.
A security researcher has figured out a way to bypass the passcode lock limit on an iPhone or iPad, ZDNet reports.
Since the 2014 release of iOS 8, all iPhones and iPads have come with device encryption protected by a four- or six- digit passcode. If the wrong passcode is entered too many times, the device gets wiped, explains ZDNet’s Zack Whittaker.
But Hacker House co-founder Matthew Hickey has found a way “to bypass the 10-time limit and enter as many codes as he wants — even on iOS 11.3,” Whittaker writes. (See video below for Hickey’s demo.)
Hickey “explained that when an iPhone or iPad is plugged in and a would-be-hacker sends keyboard inputs, it triggers an interrupt request, which takes priority over anything else on the device,” Whittaker wrote.
“Instead of sending passcodes one at a time and waiting, send them all in one go,” Hickey told ZDNet. “If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature.”
The method, Whittaker adds, will “be affected by Apple’s upcoming USB Restricted Mode, which locks the Lightning port on an iOS device if it hasn’t been unlocked within the last hour.”
Apple didn’t immediately respond to a request for comment.