[ad_1]
For a brief moment, it seemed like a security researcher had found a way to break the security limits on iPhones and iPads by entering an infinite number of access codes in order to hack a device. The so-called vulnerability was apparently even present in the latest version of iOS, 11.3, but Apple has now rebuffed these claims, and the researcher also seems to be backing away on his early findings.
When you try to access a locked iPhone or iPad, users typically have a set number of access code attempts before they are locked. You can even set up your Apple device to automatically erase its contents if an attacker continually tries to guess your password. But according to cofounder Hacker House's cybersecurity firm, Matthew Hickey, if an iDevice is plugged in and that a cracker is trying to send keyboard input, it triggers an interrupt request that replaces all other orders from the device. According to Hickey, this would allow hackers to send all possible combinations of codes in a single string, and as this would give no respite to Apple's software, the entries would take precedence over any security feature of the company. 39, erasing data.
"Instead of sending the code one at a time and waiting, send them all in one go," explained Hickey. "If you send your brute force attack in a long string of entries, it will treat them all and bypass the data erase function."
However, Apple's spokesman countered these claims, simply noting: "The recent report on an iPhone password bypass was wrong, and the result of incorrect tests."
And a little later, Hickey seemed to admit that his method may not have been entirely accurate. In a tweet, the security researcher explained that not all tested access codes are ultimately sent to the secure enclave of an iPhone or an iPad, which is responsible for protection against this type of attacks.
"The [passcodes] do not always go to the [secure enclave processor] in some cases – because of the pocket numbering [or] Inputs too fast – so although it looks like pines are being tested, they are not always sent and therefore they do not count, the devices record fewer accounts than visible, "he said. he noted.
Hickey said that when he tried to check his methods, he found where he might have gone wrong: "I went back to check all the code and tests.When I sent codes to the phone, it appears that 20 or more have entered, but in reality, it only sends four or five pins to check. "
In any case, Apple will soon be debuting another security feature called USB Restricted Mode, which should make it much harder for people to access an iPhone or iPad.
Source link