Over the past years, Apple has been playing cat and mouse with the security researchers and hackers who keep trying to develop new ways to bypass the security of iPhone. Earlier this year, a new challenge came up in the form of an iPhone unlocking device named GrayKey being used by law enforcement agencies.
The most recent challenge to iOS security has been posed by a security researcher named Matthew Hickey, who has found a method to bypass the 10-time passcode limit.
For those who don’t know, the iPhones we use have a limited number of unsuccessful attempts that one can make before Apple’s security implementation wipes the device and deletes the data forever. This is the primary measure that irritates the notorious elements and police the most while extracting the data out of a phone.
The recent attack is able to bypass the limit even on the iPhones running the recent iOS versions. “An attacker just needs a turned on, locked phone and a Lightning cable,” Hickey told ZDNet.
With the help of a computer and a lightning cable, he has found a way to enter as many passcodes as possible. Instead of attempting to enter passcodes one by one, which results in an interrupt request, he sends all of them in one go.
“If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he said. In other words, a hacker can create all combinations and pass them in the form of a string with no spaces.
He has also posted a demo video online with the attack being carried out. More precise details of the attack has been shared with Apple and we should expect this issue getting patched in upcoming iOS 12 release. It’s also unknown if the GrayKey makes use of a similar technique to unlock the iPhone.