Simple hack brute forces iPhone passcodes without losing data

iPhone X Passcode

We’ve been hearing a lot about iPhone security these days, what with the controversy kicked up by Apple’s USB Restricted Mode. It’s in the midst of all this that a security researcher has discovered a method to brute force an iPhone running iOS 11.3 or below without losing any data.

Normally, if the wrong passcode gets entered into an iPhone, the handset slows down inputs so a person can only enter passwords after a delay which ranges from a minute to an hour. If the “Erase Data” setting is toggled on (Settings > Touch ID & Passcode > Erase Data), the smartphone wipes itself after 10 attempts.

Matthew Hickey, the co-founder of a cybersecurity firm called Hacker House, says he’s come up with a way to bypass these limitations and enter as many passwords as he wants. His attack can go on for as long as it needs without any information getting deleted or the iPhone slowing down.

iPhone Passcode Hack Method

According to him, all an attacker would need is a locked iPhone and a Lightning cable. They would then have to connect the handset to a computer and send keyboard inputs. This would trigger an interrupt request which takes priority over anything else on the phone.

Instead of entering each passcode one at a time, the hacker has to send the brute-force attack in one long string of inputs ranging from 0000 to 9999. The iPhone’s secure enclave security would process all of them at the same time, thereby skipping past the Erase Data feature.

Hickey explains that sending all the password options in one go doesn’t give the software any breaks, so the keyboard input routine takes top priority over the iPhone’s impulse to wipe all data. He claims the method only works after the smartphone is booted up since there’ll be more routines running.

Also See: iPhones will now share your location when you call 911

You can see the hack in action in the video above. One limiting factor in this method is time. It takes about 3 to 5 seconds to process each set or about a hundred 4-digit codes in an hour. It could take weeks to crack the standard 6-digit code found in most iPhones today.

Further complicating matters is the fact that iOS 12’s USB Restricted Mode could interrupt this process. The tool shuts down the Lightning port after an hour has passed since the iPhone’s passcode was entered. Hickey’s hack requires the luxury of time, so it may not stand up against Apple’s protection.