A security hole in iOS 11.4 allows unlocking the iPhone by brute force

As reported by Apple to iMore, the method used contains errors and the results are erroneous. In other words, the method used by the security researcher cannot be checked or reproduced by others at the moment.

One of the security measures iPhone and iPad is the unlock code and the automatic deletion of data after several failed attempts. This measure prevents an intruder from accessing mobile data without knowing the password. However, a security expert has managed to skip it using a new method in iOS 11.4 and earlier versions.

Matthew Hickey, security researcher and co-founder of the security company Hacker House, has published a new method that allows access to the iPhone even with a password. Since iOS devices do not allow more than several unlock attempts, Matthew has found a way to prevent iOS from detecting several failed attempts. That is, he has found a method of unlocking by brute force.

All passwords at the same time so that Secure Enclave does not detect them

In the latest generations of the iPhone and iPad, Apple uses a chip dedicated only to security tasks. This dedicated chip includes Secure Enclave, a security system through which all data related to privacy and user safety have to pass. Among other actions, it is also responsible for counting the times that an incorrect password is entered and deleting all the content of the iPhone or iPad after ten failed attempts (if this function is activated).

However, Mattew Hickey has found a way to circumvent all these measures of security of Apple and all you need for this is the device with iOS 11.4 or below and a Lightning cable. Basically, when a password attempt is sent, there is an interruption process that tells the Secure Enclave that counts as an attempt. But if all passwords are sent in a row at once, the Secure Enclave does not detect that there are several different passwords.

Using this method, it is possible to unlock an iPhone or iPad by sending all possible passwords at once. Of course, the process is tedious and really long, since each password takes approximately five seconds. If it is a four-digit password it can take about five hours for a hundred different attempts. If they are six digits it is much longer until you try all the possible options and if the code is alphanumeric … an eternity.

Most likely, GrayKey uses a similar brute-force system to unlock iPhones. However, both this method and GrayKey have the days counted with the new USB restriction function of iOS 12.

This new security method prevents the Lightning cable from transmitting data if more than an hour has passed since the last time the iOS device was unlocked. On the other hand, it is very likely that this security hole is obsolete in iOS 12 now that it has been made public, surely, in fact, Apple has been previously notified.

// ZDNet