iOS Brute Force Method Uncovered

the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
On Friday I ran across an article (https://www.zdnet.com/article/a-hacker-figured-out-how-to-brute-force-an-iphone-passcode/) where a researcher revealed a method to allow the brute forcing of passcodes on iDevices. Of course I had to jump right on it considering it directly effects my work. Lots of research and I thought I was no where. Today, more details came out and they were more related to it not exactly working as he believed. But what was most interesting is that I was actually able to find a method that allowed unlimited attempts at entering passcodes. Seems if there is a will there is a way!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    So you validated the researcher's findings? So you were able to send 11+ password code attempts vie input from the the data cable to unlock an Iphone without it erasing itself?
    Still searching for the corner in a round room.
  • ErtazErtaz Member Posts: 934 ■■■■■□□□□□
    the_Grinch wrote: »
    On Friday I ran across an article (https://www.zdnet.com/article/a-hacker-figured-out-how-to-brute-force-an-iphone-passcode/) where a researcher revealed a method to allow the brute forcing of passcodes on iDevices. Of course I had to jump right on it considering it directly effects my work. Lots of research and I thought I was no where. Today, more details came out and they were more related to it not exactly working as he believed. But what was most interesting is that I was actually able to find a method that allowed unlimited attempts at entering passcodes. Seems if there is a will there is a way!

    Excellent.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Spoke too soon it appears! My attempts to recreate what he did (send all combos in a single string) did not work. My phone (running iOS 11.4) would timeout after five failed attempts. In my testing I was able to enter over 30 combos without issue, but it appears that iOS ignores duplicate entries. Thus, if you enter 000000 30 times you don't run into a limit. But if you entered 000000, 111111, 222222, 333333, 444444 then you get hit with the one minute disabled. Looks like it's back to the drawing board!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
Sign In or Register to comment.