Matthew Hickey, a co-founder of cybersecurity firm Hacker House, claimed that Apple devices contain a bug that could enable an unlimited number of passcode attempts, even on the latest version, iOS 11.3. However, Apple was quick to dismiss Hickey’s iPhone passcode claim, terming it an “error.”
iPhone Passcode still safe to use
On Friday, Hickey tweeted a video, demonstrating a method that allowed him to send an unlimited number of passcodes. By default, the iOS device comes with an option to delete all the content in the phone after ten failed attempts to enter the right iPhone passcode.
Apple IOS <= 12 Erase Data bypass, tested heavily with iOS11, brute force 4/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl – demo of the exploit in action.
— Hacker Fantastic (@hackerfantastic) June 22, 2018
According to Hickey, if an iPhone or iPad is plugged in, random keyboard input would generate a disable interrupt request, which means sending a number of passcodes all at once could bypass the erase feature. “Instead of sending passcodes one at a time and waiting, send them all in one go. If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” the researcher claimed.
Hickey stated that he had already informed Apple about the bug, which is not hard to identify. The researcher also believes that other people may have already come across the bug. It is possible that companies like Cellebrite, the one behind unlocking the San Bernardino shooter’s phone for the Feds, and the maker of GrayKey are also using similar techniques to break into iPhones.
On Saturday, Apple came forward to dispute the researcher’s claim. “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing,” the company said. Apple, however, did not reveal how it concluded that the testing was incorrect. Later, the security researcher also admitted that not all of the tested passcodes were sent to the device.
Security features with iOS 12
It is possible that Apple is aware of similar shortcomings and bugs, and that could be why the company is looking to seal the problem by introducing a USB Restricted Mode, which disables a USB accessory plugged into the iPhone after an hour. It usually takes more than an hour to send a device every possible passcode combination, so the new feature would prevent hackers from force-unlocking iPhones.
About the USB Restricted Mode, Apple says the new feature is part of its effort to upgrade the security protections in every Apple product to safeguard customers against hackers. Apple has maintained that the system has been put in place to protect customers’ privacy from hackers, rather than to stall investigations by law enforcement.
“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” Apple said.
Apple felt the need to upgrade the security features in its devices after learning about the hacking techniques used by criminals and law enforcement agencies. This prompted the company to remove the USB stack as an option in order to protect consumer data.
Grayshift, the provider of iPhone unlocking software, claims that it has already found a way around the USB Restricted Mode. An email conversation between Grayshift and an anonymous forensics expert (seen by Motherboard) suggests that Grayshift has tried every trick in the book to keep its technology from becoming redundant, and that it has already defeated the security feature in the beta version.
Grayshift did not reveal much about how they cracked the USB Restricted Mode. Another anonymous person in the email stated that Grayshift “addressed” the USB Restricted Mode during the recent webinar.
Grayshift is not the only company looking to crack the USB Restricted Mode. ElcomSoft, for one, stated in May that it might be able to extend the time limit of USB Restricted Mode beyond the hour allowed by Apple. ElcomSoft claims it does so by connecting the iPhone to a paired accessory or computer while it is unlocked. Then the dedicated software disables the feature completely.
Apart from the USB Restricted Mode, Apple has promised several new security features in the upcoming iOS 12. As of now, Apple offers two-factor authentication to log in to its services in addition to the username and password. The authentication step is a little time-consuming, as the user needs to check for the codes in the message inbox. While Android phones already have the facility to read the codes directly and autofill them for the user, Apple will introduce the same in iOS 12.
A U.S.-only feature will also be added to the upcoming iOS version, wherein emergency calls to 911 would give the caller’s location data to the police services, fire department and so on.