While the iOS operating system is generally regarded as being pretty secure, there are always people looking for vulnerabilities in the system. Security researcher Matthew Hickey has discovered a method that allows him to brute force iOS 11 passwords while preserving the data on the device.
iOS 11 Security
One of the ways in which iOS 11 protects users from people trying to get into their phones is by putting an entry-attempt restriction on the device. Theoretically, this would keep the efforts to brute force iOS 11 passwords at bay, as the phone would lock would-be hackers out of the device after a certain amount of failed attempts.
However, no software is perfect and it appears as if security research Matthew Hickey has discovered a pretty significant security flaw in the software that allows him to brute force iOS 11 passwords – bypassing the entry restriction and preserving all of the data on the device.
When compared to companies like Google and Microsoft, Apple has generally been a little more stubborn when it comes to protecting their users’ data. They refuse to build backdoors into their devices and thereby block pretty much any entity from accessing the phone. This has caused some controversy as it blocks governmental agencies from obtaining information off of phones, but consumers generally think highly of Apple and their privacy practices.
This new flaw that allows hackers to brute force iOS 11 passwords is certainly severe, and there’s no doubt that Apple is already hard at work patching out the issue as they were tipped off by Mr. Hickey.
Blocking The Ability To Brute Force iOS 11 Passwords
Mr. Hickey, after submitting the data regarding the vulnerability that allowed him to brute force iOS 11 passwords, revealed how exactly he was able to do so to the public.
“Instead of sending passcodes one at a time and waiting, send them all in one go. If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature.”
Essentially, the hack works by hooking the device up to a computer via a lightning cable and then sending all possible passcodes to the device in quick succession, from 0000 to 9999. This forces iOS to iterate through every number in a single process, which allowed him to get past the entry-limit restrictions. Since these nearly ten thousand passcodes were all considered one attempt by the device, he wasn’t locked out and was able to brute force iOS 11 passwords.
The news of this hack is bad news for Apple, who is already trying to fight off a $15,000 unlocking tool that allows people to gain access to the company’s smartphones. These tools are very valuable to organizations like the FBI, and Apple is quickly taking action to block any attempts to access secure information.
The fact that a phone can be unlocked as easily as using brute force is definitely extremely concerning, so you should expect a patch in the near future that will return iOS 11 security to the standards that Apple is known for.