You just need a Lightning cable to do the job
Apple’s security is known to be one of the best among all the mobile handsets. Be it an iPhone, iPad or Apple Watch; security is something that is strenuous to be breached. But what if, someone can hack into your iPhone by entering password repeatedly? Yes, that’s what has happened recently.
By default, if you enter the wrong password multiple times, the iPhone tends to lock for a specific period. If you still try to log in again and again, iPhone may get locked for even years. But a security researcher has revealed a bug on iOS devices that can allow passcodes to be bypassed through a brute force attack.
Matthew Hickey, Co-Founder, Hacker House cybersecurity, got hold of a way to bypass the iPhone's security measures. The video reveals the way that allowed him to enter an unlimited number of passcodes on iPhone running iOS 11.3. The frightening concern over here is the fact that one can even breach into the latest version of Apple's mobile platform also.
Apple IOS <= 12 Erase Data bypass, tested heavily with iOS11, brute force 4/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl - demo of the exploit in action.— Hacker Fantastic (@hackerfantastic) June 22, 2018
"Instead of sending passcode one at a time and waiting, send them all in one go. If you send your brute-force attack in one long string of inputs, it'll process all of them, and bypass the erase data feature," Hickey explained in the video.
To do the trick, you just need a running iPhone and a Lightning cable. Once the iPhone is plugged, the hacker bombards the device with different combinations of the passcode. It triggers an interrupt request that is picked by the device immediately. This way, the device will be preoccupied with every new passcode. Ultimately, this technique allows the hacker to enter end number of passcodes.
Hickey claimed that the bug has been reported to the Apple, as it isn’t that complicated to identify.
However, Apple debunked the claim and labeled the finding as an "error." Michele Wyman, the Apple spokesperson, said, "The recent report about a passcode bypass on iPhone was in error and a result of incorrect testing."
Interestingly, Apple released a new Restricted mode feature in iOS 12 that cuts off an iPhone's ability to connect to a USB accessory plugged into it after an hour. So if someone tries to break into a device running iOS 12, the window to breach it will be only for 1 hour, and after that, the device will be locked.