A security researcher named Matthew Hickey recently demonstrated a simple hack to get inside any iPhone with just a Lightning cable and a lot of time. Apple has now refuted his claims without explaining why.
To recap, Hickey’s method involves connecting an iPhone to a computer and then sending it keyboard inputs in one long stream. The brute-force attack forces the handset to process all the different passcodes at once, bypassing iOS’ erase data tool. The feature wipes all data after 10 failed password attempts.
Hickey later followed up his original tweet with another that offered a slight correction. Another security researcher, Stefan Esser, helped him realize that not all the passcodes he was sending to the iPhone's Secure Enclave were getting processed.
This happens in a few cases because of pocket dialing or overly fast inputs. So while it looks like the PINs are getting tested one after the other, the codes aren't always sent. This means the iPhone is registering fewer attempts than it appears to.
Hickey told ZDNet that he double-checked the process and discovered that when he sent passcodes to his iPhone it seemed like 20 or more were being entered, but it was actually only sending 4 or 5 PINs to be checked. This would naturally limit the effectiveness of the hack.
Apple Response to iPhone Passcode Hack
After refusing to comment initially, Apple later stated that the report about a passcode bypass on the iPhone was in error and a result of incorrect testing. It didn’t say what exactly was wrong with it, but it’s possible it noticed the same limitation which Hickey found out about afterward.
In any case, Apple has a new USB Restricted Mode coming in iOS 12 which will severely limit this method. The feature cuts off access to the Lightning port if it’s been an hour since the iPhone was unlocked.