A researcher specialized in information security training recently discovered an Apple operating system failure that allows anyone with a Lightning cable the ability to bypass the password attempts limit of an iPhone or iPad, opening the door to brute force attacks.
Matthew Hickey, co-founder of information security company Hacker House, discovered a method to bypass the ten-attempt access code restriction designed to frustrate brute force attacks on blocked iOS devices.
Apple introduced system-wide encryption with iOS 8 in 2014, a security measure that was then backed up by special hardware protection called Secure Enclave Processor. Combined with iOS latest software, the secure enclave can stop brute force attacks by delaying multiple incorrect access code attempts. The operating system pauses the entry after four consecutive attempts, the first starting in one minute and running at one hour by the ninth error. Users can further protect their data by enabling a function that performs a system erasure after ten consecutive failed attempts.
Even so, the specialist in information security training says that the security protocol can be avoided by sending mass access code entries through the Lightning cable. Transmitting a series of access codes by using the keyboard triggers an interrupt request that takes precedence over all other operations on the device, including the data erasure protocol.
“Instead of sending passwords one at a time and waiting, they are sent all at once”, said Hickey. “If you send your brute force attack in a long string of entries, the device processes them all and skips the erase data function”, he explained.
The attack is slow, but effective; it has been verified to work with four-digit and six-digit codes. However, a six-digit code may take weeks to decipher.
This method could become obsolete when iOS 12 is presented. The next version of iOS includes a “Restricted USB Mode” that disables wired USB data connections after a certain amount of time. The function requests users to enter an access code when they attempt to transfer data to or from a USB device connected to an iPhone that has not been unlocked in the last hour.
This new security feature also thwarts the efforts of digital forensic companies as they commercialize relatively low-cost iPhone unlocking methods for law enforcement agencies. Reports suggest that several specialists in information security training have already defeated this function, although it is not clear how they have done so.