People consider iPhone as one of the most secure devices in our pockets. Apple provides an option to use either 4-digit or 6-digit passcode to prevent a locked iPhone being opened by a hacker. Also, after ten incorrect attempts to enter the correct passcode, the iPhone gets wiped and the information inside the device is lost forever. But now, a security researcher, Matthew Hickey has found a way to bypass the passcode limit. This would allow him to try as many different passcode combinations as he events.
For this hack to be successful, you’ll just require a locked iPhone which is turned on and a lightning cable. Normally, when a user starts entering the passcodes for unlocking the device, a part of the hardware called the secure enclave activates. It keeps the track of the number of attempts that have been made and is slower to respond with each incorrect entry. Using brute force attack would easily get around with this. Hickeys says you should send your entries in one very long string of inputs instead of entering passcodes one at a time and waiting after each entry. When you do this, it would bypass the passcode limit and the phone would process all your passcode entries.
No spaces should be there when you send all four-digit codes from 0000 to 9999. When the iPhone is plugged in, keyboard input has precedence over the phone’s passcode limit feature. Therefore, when you use this brute force attack, it results in the handset working on the strong of four-digit passcodes you would’ve inputted. It would further result into unlocking the device before your device gets wiped off. An iPhone usually takes 3 to 5 seconds to process each passcode. So, it would take about an hour to go through 100 different passcodes.
This method also works with six-digit passcodes by running all the possibilities between 000000 to 999999 at one time. But it would take weeks for the iPhone to complete the task. So, you can test his out for yourself if you’ve got enough time. But remember that the iPhone, which you’re trying to crack open must be plugged in.
Furthermore, you can check out the video which shows the Hickey’s brute force hack down below.
https://vimeo.com/276506763
