A USB-based vulnerability that allows for the brute forcing of a passcode on an iOS device has been discovered by security researcher Matthew Hickey, reports ZDNet.

The method, which bypasses the 10-entry attempt that erases an iOS device when the setting is enabled, allows a hacker to plug an iPhone or iPad into a computer and send all passcodes, from 0000 to 9999, all at once, triggering an input routine that takes priority over anything else on the device. Hickey demos the hack in the video below.

"Instead of sending passcodes one at a time and waiting, send them all in one go," he said.

"If you send your brute-force attack in one long string of inputs, it'll process all of them, and bypass the erase data feature," he explained.

All that's required to use this brute force password cracking method is an iPhone or iPad that's turned on and locked and a Lightning cable, according to Hickey. It works on iOS devices up to iOS 11.3.

Hickey's iPhone cracking method takes between three and five seconds for each four-digit passcode, which means it's slow and not as advanced as other passcode cracking methods employed by companies like Grayshift, which makes the GrayKey box. For this method to guess a six-digit passcode, Hickey says it would take weeks.

Apple in iOS 12 is introducing a new USB Restricted Mode that may put a stop to the vulnerability that Hickey has discovered, as well as vulnerabilities exploited by tools like the GrayKey Box.

ios12usbaccessoriessetting
With USB Restricted Mode, enabled by default on iOS devices running iOS 12, USB access to an iPhone or iPad is cut off if it's been more than an hour since the device was last unlocked.

That means computers and other accessories can't be used to access a locked iPhone if it's been locked for over an hour, disabling access via a USB to Lightning cable.

Update: In a statement obtained by iMore, Apple says "the recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing."

Top Rated Comments

B4U Avatar
37 months ago
Up to iOS 11.3...
Opens settings > general > about > version
Sees 11.4, close settings and move on with life.
Score: 23 Votes (Like | Disagree)
asdavis10 Avatar
37 months ago
Interesting bug.

Maybe instead of just coming up with ideas, Apple needs to have a team who’s job is to try to break or break into every Apple device. They should be full time employed with their sole mission being to find and exploit every possible weakness.
Somehow you seem to think that an almost trillion dollar company doesn't do this. Fact of the matter is that everything has a vulnerability. It's just a matter of how practical the exploit actually is for it to be useful.
Score: 13 Votes (Like | Disagree)
jonblatho Avatar
37 months ago
Testing and engineering design seem to have taken a backseat to thinness recently.
Great, this tired point again.

Apple has different employees who do different things. What you’re suggesting here is like asking a school custodian to take over a classroom from a teacher.
[doublepost=1529717755][/doublepost]
Up to iOS 11.3...
Opens settings > general > about > version
Sees 11.4, close settings and move on with life.
The iOS 11.4 security content notes ('https://support.apple.com/en-us/HT208848') don’t specify anything seemingly related to this bug.
Score: 9 Votes (Like | Disagree)
flyinmac Avatar
37 months ago
Interesting bug.

Maybe instead of just coming up with ideas, Apple needs to have a team who’s job is to try to break or break into every Apple device. They should be full time employed with their sole mission being to find and exploit every possible weakness.
Score: 7 Votes (Like | Disagree)
centauratlas Avatar
37 months ago
Testing and engineering design seem to have taken a backseat to thinness recently.

Between the root bug and ones like this, one wonders how many others are out there.
Score: 6 Votes (Like | Disagree)
TrulsZK Avatar
37 months ago
Get an alphanumeric passcode!

1 attempt takes 4 seconds, that means a 16 digit alphanumeric passcode with upper- and lower case, numbers, and two symbols will take up to 64^16=7,922816251e28 seconds which is in practice never. Unless you can run a dictionary attack or something.

With the brute force attempts an alphanumeric passcode is the only solution to stay safe.
[doublepost=1529735909][/doublepost]
3. Pops SIM out of tray
That is exactly why I want eSIM in the iPhone and passcode requirement when switching your phone off + auto restart after force shut down.
Score: 6 Votes (Like | Disagree)

Top Stories

april 2021 event coverage feature

Apple Event Live Coverage: New iPads, AirTags, and More Expected [Event Over]

Tuesday April 20, 2021 9:07 am PDT by
Apple's virtual "Spring Loaded" event kicks off today at 10:00 a.m. Pacific Time, with Apple expected to debut updated iPad models and perhaps some other hardware such as AirTags or iMac models based on Apple silicon. Apple is providing a live video stream on its website, on YouTube, and in the company's TV app across its platforms. We will also be updating this article with live blog...
m1 imac colors

Apple Announces Redesigned iMac With M1 Chip and Seven Color Options

Tuesday April 20, 2021 10:22 am PDT by
Apple has announced a new, redesigned 24-inch iMac, featuring an M1 chip, a 4.5K display, and a range of color options, as well as an improved cooling system, front-facing camera, speaker system, microphones, power connector, and peripherals. The new iMac features a completely new compact design, and comes in a range of seven striking colors, including green, yellow, orange, pink, purple,...
duan rui iphone 12 13 notch

New Images Show Smaller iPhone 13 Notch Compared to iPhone 12

Saturday April 17, 2021 11:38 pm PDT by
Leaker known as "DuanRui" has shared more images that could give us our best look yet at Apple's redesigned notch for the iPhone 13. The new pictures follow similar images shared by the leaker last week, but the latest shots include a comparison with the existing iPhone 12 notch. DuanRui posted three images on Twitter that apparently originate from Weibo, although source details remain...
Top Stories 57 Feature

Top Stories: Apple Event Next Tuesday, Mini-LED iPad Pro, iPhone Rumors

Saturday April 17, 2021 6:00 am PDT by
It feels like we've been waiting forever for new Apple products, but the wait is almost over as Apple has announced a media event for next Tuesday, so make sure to tune into MacRumors for full coverage of everything Apple announces. While that was the big news this week, we also got some new details on Apple's iPhone plans for 2022 and 2023 courtesy of analyst Ming-Chi Kuo, and we also saw...
iphone 12 preorder purple

Apple Launching iPhone 12 and 12 Mini in New Purple Color on April 30

Tuesday April 20, 2021 10:08 am PDT by
Apple today announced that the iPhone 12 and iPhone 12 mini will be available in a new purple color starting April 30, with pre-orders starting this Friday. Apple is also releasing a new MagSafe Leather Case and Leather Sleeve in Deep Violet, a Silicone Case in Capri Blue, Pistachio, Cantaloupe, or Amethyst, and a Leather Wallet in Arizona, all available to order beginning today. iPhone...
f1618938547

Apple Announces AirTag Tracking Devices Starting At $29 Each

Tuesday April 20, 2021 10:10 am PDT by
Apple today announced AirTag, a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app. AirTags are accessories for attaching to backpacks, luggage, and other items. Any U1 device like the iPhone 12 can be used for precision finding to guide you right to the item you're looking...
iPad Pro

New 12.9-Inch iPad Pro Will Be 0.5mm Thicker to Accommodate Mini-LED Display

Monday April 19, 2021 11:30 am PDT by
The upcoming 12.9-inch iPad Pro will be thicker than the previous-generation version, likely due to the inclusion of the mini-LED display. We've heard several rumors about the change in thickness, and now leaked design images have confirmed it. A source that designs accessories for Apple devices sent MacRumors a series of photos that feature exact dimensions for the new iPad Pro models, and...
ipad pro with m1 chip

Apple Introduces Next-Generation iPad Pro With M1 Chip, Thunderbolt, 5G, XDR Display, and More

Tuesday April 20, 2021 10:40 am PDT by
Apple today announced the next-generation iPad Pro with the same M1 chip found in the latest Macs, Thunderbolt and USB4 support, 5G connectivity on cellular models with mmWave support in the United States, and more. With an 8-core CPU and 8-core GPU, Apple says the M1 chip in the new iPad Pro provides up to 50% faster performance and up to 40% faster graphics compared to the A12Z Bionic chip ...
iPad Pro Feature Orange

Wedbush Analysts Say 'Spring Loaded' Event Will Debut New iPads With 'Modest Price Increase,' Along With 'a Few Surprises'

Monday April 19, 2021 6:37 am PDT by
Apple is planning to launch a new entry-level iPad, iPad mini, and iPad Pro at its "Spring Loaded" event tomorrow, along with "a few surprises," according to Wedbush analysts. In a new note to investors, seen by MacRumors, Wedbush analysts Daniel Ives and Strecker Backe explained that the iPad will be the main focus of Apple's "Spring Loaded" event, with new entry-level iPad, iPad mini, and ...
flat imac 3d 3 teal

Reliable Leaker Hints Redesigned Colorful iMac to Debut at 'Spring Loaded' Event

Saturday April 17, 2021 4:43 am PDT by
Reliable leaker known as l0vetodream has hinted that Apple may debut its rumored redesigned and colorful iMac at its "Spring Loaded" event on Tuesday, April 20. In a tweet, the leaker posted an image of Apple's logo used for marketing the upcoming event and an image of the retro rainbow Apple logo alongside the colorful lineup of G3 iMacs. Apple leaker Jon Prosser previously reported that...