A USB-based vulnerability that allows for the brute forcing of a passcode on an iOS device has been discovered by security researcher Matthew Hickey, reports ZDNet.

The method, which bypasses the 10-entry attempt that erases an iOS device when the setting is enabled, allows a hacker to plug an iPhone or iPad into a computer and send all passcodes, from 0000 to 9999, all at once, triggering an input routine that takes priority over anything else on the device. Hickey demos the hack in the video below.

"Instead of sending passcodes one at a time and waiting, send them all in one go," he said.

"If you send your brute-force attack in one long string of inputs, it'll process all of them, and bypass the erase data feature," he explained.

All that's required to use this brute force password cracking method is an iPhone or iPad that's turned on and locked and a Lightning cable, according to Hickey. It works on iOS devices up to iOS 11.3.

Hickey's iPhone cracking method takes between three and five seconds for each four-digit passcode, which means it's slow and not as advanced as other passcode cracking methods employed by companies like Grayshift, which makes the GrayKey box. For this method to guess a six-digit passcode, Hickey says it would take weeks.

Apple in iOS 12 is introducing a new USB Restricted Mode that may put a stop to the vulnerability that Hickey has discovered, as well as vulnerabilities exploited by tools like the GrayKey Box.

ios12usbaccessoriessetting
With USB Restricted Mode, enabled by default on iOS devices running iOS 12, USB access to an iPhone or iPad is cut off if it's been more than an hour since the device was last unlocked.

That means computers and other accessories can't be used to access a locked iPhone if it's been locked for over an hour, disabling access via a USB to Lightning cable.

Update: In a statement obtained by iMore, Apple says "the recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing."

Top Rated Comments

B4U Avatar
83 months ago
Up to iOS 11.3...
Opens settings > general > about > version
Sees 11.4, close settings and move on with life.
Score: 23 Votes (Like | Disagree)
asdavis10 Avatar
83 months ago
Interesting bug.

Maybe instead of just coming up with ideas, Apple needs to have a team who’s job is to try to break or break into every Apple device. They should be full time employed with their sole mission being to find and exploit every possible weakness.
Somehow you seem to think that an almost trillion dollar company doesn't do this. Fact of the matter is that everything has a vulnerability. It's just a matter of how practical the exploit actually is for it to be useful.
Score: 13 Votes (Like | Disagree)
jonblatho Avatar
83 months ago
Testing and engineering design seem to have taken a backseat to thinness recently.
Great, this tired point again.

Apple has different employees who do different things. What you’re suggesting here is like asking a school custodian to take over a classroom from a teacher.
[doublepost=1529717755][/doublepost]
Up to iOS 11.3...
Opens settings > general > about > version
Sees 11.4, close settings and move on with life.
The iOS 11.4 security content notes ('https://support.apple.com/en-us/HT208848') don’t specify anything seemingly related to this bug.
Score: 9 Votes (Like | Disagree)
flyinmac Avatar
83 months ago
Interesting bug.

Maybe instead of just coming up with ideas, Apple needs to have a team who’s job is to try to break or break into every Apple device. They should be full time employed with their sole mission being to find and exploit every possible weakness.
Score: 7 Votes (Like | Disagree)
centauratlas Avatar
83 months ago
Testing and engineering design seem to have taken a backseat to thinness recently.

Between the root bug and ones like this, one wonders how many others are out there.
Score: 6 Votes (Like | Disagree)
TrulsZK Avatar
83 months ago
Get an alphanumeric passcode!

1 attempt takes 4 seconds, that means a 16 digit alphanumeric passcode with upper- and lower case, numbers, and two symbols will take up to 64^16=7,922816251e28 seconds which is in practice never. Unless you can run a dictionary attack or something.

With the brute force attempts an alphanumeric passcode is the only solution to stay safe.
[doublepost=1529735909][/doublepost]
3. Pops SIM out of tray
That is exactly why I want eSIM in the iPhone and passcode requirement when switching your phone off + auto restart after force shut down.
Score: 6 Votes (Like | Disagree)

Popular Stories

mac mini thermal architecture feature

New Mac Mini Has Modular Storage, 256GB Model Will Have Faster SSD

Friday November 8, 2024 7:06 am PST by
Apple has returned to using two 128GB storage chips in the new Mac mini with 256GB of storage, according to a partial teardown video shared on social media today. This means the base-model Mac mini with the M4 chip will not have significantly slower SSD speeds compared to higher-end configurations of the computer with 512GB, 1TB, or 2TB of storage, as multiple NAND chips allows for faster SSD...
Generic iOS 18

Everything New in iOS 18.2 Beta 2

Monday November 4, 2024 12:34 pm PST by
Apple today seeded the second betas of upcoming iOS 18.2 and iPadOS 18.2 updates to developers, and Apple is continuing to refine the Apple Intelligence capabilities. There are also a handful of smaller features that are worth knowing about. Find My Find My has a new option to Share Item Location with an "airline or trusted person" that can help you locate something that you've misplaced....
best buy holiday

Best Buy Reveals Black Friday Plans With Sitewide Sales Available Now

Friday November 8, 2024 10:05 am PST by
Black Friday sales are continuing today with Best Buy kicking off early Black Friday deals that will last for the next few days. Similar to other retailers, Best Buy's early Black Friday event includes sitewide savings on Apple products, headphones, TVs, monitors, video games, and more. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may...
iphone passcode green

Cops Suspect iOS 18 iPhones Are Communicating to Force Reboots, Making Unlocking Harder

Thursday November 7, 2024 2:20 pm PST by
Law enforcement officials in Detroit, Michigan are warning other police officers about an alleged iPhone change that causes Apple devices stored for forensic examination to spontaneously restart, reports 404 Media. iPhones that are undergoing examination have apparently been rebooting, which makes them harder to unlock with brute force methods, and Michigan police think that it's due to a...
early apple watch black friday

The Best Early Black Friday Apple Watch Deals

Wednesday November 6, 2024 6:33 am PST by
Black Friday is just around the corner, and Apple Watch deals have begun appearing ahead of the shopping holiday on November 29. In this article, we'll take a look at all of the best early Black Friday Apple Watch deals, including the new Series 10 models. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small...
iCloud General Feature

Here's What's New in Apple's Updated iCloud Terms and Conditions Taking Effect Next Week

Friday September 13, 2024 7:39 am PDT by
Apple has started notifying users about an upcoming revision to its iCloud Terms and Conditions, which takes effect on Monday, September 16. We compared the text of the upcoming iCloud Terms and Conditions with the current U.S. version from September 18, 2023 and identified four key changes: "Apple ID" references have been changed to "Apple Account" throughout. iCloud users must agree to ...
M4 MacBook Pros Thumb

M4 MacBook Pro Reviews: Processor Benchmarks Impress, New Nano-Texture Option Worth the Extra $150

Thursday November 7, 2024 6:14 am PST by
The first wave of reviews of Apple's new M4-powered MacBook Pro models were published this morning. We've collected some of the latest impressions from YouTube channels and select media outlets below. Apple last month announced the new 14-inch and 16-inch MacBook Pro models, adding next-generation M4, M4 Pro, and M4 Max chips, with Thunderbolt 5 ports on higher-end models, display and camera ...