You know the drill. If you enter your iPhone passcode incorrectly ten times, the phone is locked. Each time you get it wrong, you have to wait a little longer before trying again. A security researcher claims that by sending those passcode requests really fast, you can brute force a passcode before Apple’s software has a chance to invoke the delay system.
According to Matthew Hickey, the CEO of cybersecurity company Hacker House, when you connect an external keyboard to an iPhone and send passcode guesses using keyboard input, the action triggers an interrupt request that takes precedence over everything else. So, the iPhone is too busy to wipe the device if the attacker sends passcode guesses quickly.
Apple IOS <= 12 Erase Data bypass, tested heavily with iOS11, brute force 4/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl – demo of the exploit in action.
— Hacker Fantastic (@hackerfantastic) June 22, 2018
There’s some speculation that this is what the GrayKey box, being purchased by many law enforcement agencies, does when it accesses locked devices.
Apple has already upped the ante on the GrayKey hack by adding Restricted Mode to iOS 12. This will stop access by USB connection if the device hasn’t been unlocked with a passcode, FaceID or TouchID.
Apple is saying Hickey’s method is “in error, and a result of incorrect testing”.
There’s an escalating battle going on between law enforcement and the technology community: the increased desire for privacy and security by users, “enforced” by vendors and developers, is at odds with law enforcement. While the San Bernardino incident in February 2016 was a tipping point, there’s not been an agreement between tech companies and governments on how this will work.
Sadly, it’s likely to take another terrible incident before the issue moves forwards – at least in the United States where much of the development on this front takes place.