password hacking iPhone brute force discovered, Apple says "no"

Apple's firm stance on protecting the privacy of its customers through security and encryption is a double-edged sword. On the one hand, it paints a reassuring image for users. But on the other hand, it virtually challenges computer-hackers, sponsored by the state or otherwise, to break through. As such, the Apple device, especially iPhones, have become the main target of hacking attempts. A security researcher initially claimed that he had found a way to guess force codes in force despite the strict limitations of iOS. It turns out, however, that it might not be the case after all.

Apple's Secure Enclave feature is at the heart of this new vulnerability. In a nutshell, it is responsible for only unlocking the phone when a valid or biometric code is given. In the case of entering a password, this limits the number of tests that any one can perform, after which it will refuse any entry until a scheduled timeout. In the worst case, a user may choose to clear the device after ten incorrect attempts.

The co-founder of security firm Hacker House, Matthew Hickey, revealed on Twitter that he may have found a way around these limitations when transmitting data via a Lightning connection. According to Hickey, instead of trying each time a different combination of codes, you can send all possible combinations in one, a huge string of numbers. Secure Enclave will then test them all, as if you had an infinite number of tries.

In response to Apple Insider, Apple simply said that the report was wrong and the result of incorrect tests. The company did not go further into the details, unsurprisingly, but it would appear that they also reached out to Hickey. The safety researcher later changed his tone, saying in practice that it just seemed like dozens of pins were being tested but, in truth, only a small number of them were being tested. ; were.

That said, everything could be questionable in iOS 12. Apple will introduce a restricted USB mode that disables any data transfer via cable after an hour has elapsed since the last successful unlocking attempt. This security feature is meant to cut hacks like this one and the famous GrayKey used by some government agencies at the very root. Reports claim that GrayKey Grayshift manufacturers already have a way around the problem.