IOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes

  /     /     /  
Publicated : 22/11/2024   Category : security

IOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes


A vulnerability in Apples iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the companys devices.


Any hacker equipped with the right knowledge and a Lightning cable can bypass iOSs passcode entry restriction and break into an iPhone or iPad, researcher Matthew Hickey has discovered.
Hickey, co-founder of Hacker House, found a means of bypassing systemwide encryption and secure enclaves that Apple introduced to block brute-force attacks. Secure enclaves, a hardware security measure built for cryptographic processes and biometric data protection, work with the newest iOS software to delay incorrect passcode attempts. The more times someone enters an incorrect passcode, the longer the iOS blocks future attempts to enter the device.
In a report on ZDNet, Hickey explains how an attacker can bypass this security restriction by connecting the device to a Lightning cable and entering one long string of passcodes via keyboard input. He later reported this works because not all tested passcodes are sent to the secure enclave. Even when 20 or more passcodes are entered, only four or five might be sent to the enclave for testing.
This type of attack may not be usable in iOS 12 when Apple rolls out USB Restricted Mode, a new security measure designed to prevent break-ins by turning the Lightning cable into a charge-only port if the device hasnt recently been unlocked. The update is a source of frustration for digital forensics firms like Grayshift, which
claims to have
defeated it.
Read more details
here
.
Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go
here
for more information on this free event.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
IOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes