Apple has dismissed claims made past times safety researcher Matt Hickey who said he had constitute a agency to bypass iPhone safety protections to encounter passcodes every bit many times every bit needed.
Hickey, co-founder of cyber safety theatre Hacker House, had tweeted a video on Fri showing how this tin strength out hold out done past times sending a flow of all possible combinations to the device, which volition trigger an interrupt request.
Apple IOS <= 12 Erase Data bypass, tested heavily amongst iOS11, creature strength 4/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl - demo of the exploit inwards action.— Hacker Fantastic (@hackerfantastic) June 22, 2018
He explained that if all combinations are sent inwards i larn using keyboard inputs spell the device is plugged inwards instead of amongst pauses inwards betwixt tries, it volition trigger an interrupt asking that takes precedence over everything else on the device.
However, Apple has since come upwards out together with refuted the claim together with a spokesperson on Sat said, "The recent study well-nigh a passcode bypass on iPhone was inwards error, together with a final result of wrong testing."
Retracting his previous position, Hickey tweeted on sun that devices are nevertheless protected from brute-force attacks every bit non all passcodes that are beingness tested are sent.
It seems @i0n1c possibly right, the pins don't ever goto the SEP inwards roughly instances (due to bag dialing / overly fast inputs) thence although it "looks" similar pins are beingness tested they aren't ever sent together with thence they don't count, the devices register less counts than visible @Apple— Hacker Fantastic (@hackerfantastic) June 23, 2018
This was inwards reference to a previous tweet past times Stefan Esser, CEO of safety theatre Antid0te UG, where he explained that the ascendancy to erase iPhone information subsequently ten tries wasn’t triggered because the diverse combinations were all “ignored” together with counted every bit a unmarried try.
Yes. As i said: you lot tried a bunch of pins inwards i go. Those didn’t trigger erase information because they are truly all ignored together with count possibly every bit i try. thence you lot intermission together with endeavor the right code subsequently the pause. So you lot direct maintain alone executed ii tries.— Stefan Esser (@i0n1c) June 22, 2018
“The device doesn’t truly endeavor those passcodes until you lot pause,” Stefan tweeted.
Aside from its initial statement, Apple has non provided whatever farther explanations. The fellowship is planning on including a characteristic called USB Restricted Mode inwards its upcoming iOS 12 update that volition protect iPhones together with iPads from USB-related exploits.
