Apple’s hard stance on protecting its customers’ privacy through security and encryption is a double-edged sword. On the one hand, it paints a reassuring picture for users. On the other hand, it practically challenges hackers, state-sponsored or otherwise, to break through. As such, Apple’s devices, particularly iPhones, have become a prime target of hacking attempts. One security researcher initially claimed he had found a way to brute force passcode guessing despite iOS’ hard limits. It turns out, however, that this might not be the case after all.
At the heart of this new vulnerability is Apple’s Secure Enclave feature. In a nutshell, it is responsible for unlocking the phone only when a valid passcode or biometric is given. In the case of passcode input, it limits the number of tries someone can make, after which it refuses to accept any input until a timed delay has elapsed. In the worst case, a user can opt to have the device wiped after ten incorrect attempts.
Hacker House security firm co-founder Matthew Hickey revealed on Twitter that he may have found a way to bypass those attempt limits when passing data over a Lightning connection. According to Hickey, instead of trying a different passcode combination each time, you can send all the possible combinations as one enormous string of numbers. Secure Enclave would then test them all, as if it had an infinite number of tries.
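To make the lockout behaviour described above concrete, here is an added toy model of a passcode verifier with a per-attempt counter, timed delays and the optional erase-after-ten setting. It is not Apple’s code and the delay schedule, hash parameters and method names are constructed for illustration; the point it demonstrates is that a verifier which charges every candidate in a concatenated batch against the same counter gives a batched guess no advantage over one-by-one guessing.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed delay schedule (seconds) after N consecutive failures; illustrative only.
DELAY_AFTER_FAILURES = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
MAX_ATTEMPTS = 10  # erase threshold described in the article


@dataclass
class PasscodeGuard:
    """Toy lockout counter modelling the behaviour the article attributes to Secure Enclave."""
    _salt: bytes
    _digest: bytes
    erase_after_ten: bool = True
    failures: int = 0
    locked_until: float = 0.0
    erased: bool = False

    @staticmethod
    def _derive(salt: bytes, passcode: str) -> bytes:
        # Slow hash so each check costs real work; iteration count is illustrative.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 20_000)

    @classmethod
    def enroll(cls, passcode: str, erase_after_ten: bool = True) -> "PasscodeGuard":
        salt = secrets.token_bytes(16)
        return cls(salt, cls._derive(salt, passcode), erase_after_ten)

    def attempt(self, candidate: str, now: float) -> str:
        """One guess at simulated time `now`; returns unlocked / wrong / locked / erased."""
        if self.erased:
            return "erased"
        if now < self.locked_until:
            return "locked"  # still inside the timed delay: not even checked
        if hmac.compare_digest(self._derive(self._salt, candidate), self._digest):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.erase_after_ten and self.failures >= MAX_ATTEMPTS:
            self.erased = True
            return "erased"
        self.locked_until = now + DELAY_AFTER_FAILURES.get(self.failures, 0)
        return "locked" if self.failures in DELAY_AFTER_FAILURES else "wrong"

    def attempt_batch(self, blob: str, width: int, now: float) -> list:
        """Split a concatenated string of fixed-width candidates and charge each one to
        the counter, so a batch is handled exactly like individual attempts."""
        return [self.attempt(blob[i:i + width], now) for i in range(0, len(blob), width)]
```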
Replying to Apple Insider, Apple simply said that the report was erroneous and the result of incorrect testing. The company didn’t go into further detail, unsurprisingly, but it seems it may have reached out to Hickey as well. The security researcher later changed his tune, saying that in practice it only looked like dozens of PINs were being tested when, in truth, only a small number were.
That said, it might all be moot in iOS 12. Apple will be introducing a USB Restricted Mode, which disables any data transfer over a cable once an hour has passed since the last successful unlock. This security feature is meant to cut off hacks like this one, and the famous GrayKey used by some government agencies, at the very root. Reports claim that GrayKey maker Grayshift already has a way around it.