New iOS vulnerability enables brute-force passcode attacks on iPhone 7

August 18 15:56 2017

We’ve seen devices for brute-forcing iPhone passcodes before. This tiny $500 box, demonstrated on video by YouTuber “EverythingApplePro”, uses an exploit in iOS 10.3.3 and the iOS 11 beta to brute-force the Lock screen passcode on up to three iPhone 7/Plus handsets at a time, but it could take days to work, depending on the complexity of the passcode.

Normally, attacks like this are impractical because of a user-selectable setting (“Erase Data”) that wipes the device clean after ten consecutive unsuccessful passcode entries.

In addition, the Secure Enclave cryptographic coprocessor embedded in the main A-series processor enforces escalating time delays after each invalid passcode entered at the Lock screen, which stops boxes like this from trying many passcode combinations per second.

But due to a loophole in iOS 10.3.3 and the iOS 11 beta, an attacker can make as many passcode attempts as needed on the white “Press home to recover” screen displayed after a fresh iOS install. In the video, “EverythingApplePro” uses the simple passcode “0016” so the hack finishes quickly.

The hack takes advantage of iOS’s update process.

“They found a loophole in the data recovery state that allows you to use as many passcode attempts as you want,” the post explained. Brute-forcing a more complex passcode could take days to complete.

This vulnerability is limited to the iPhone 7 and iPhone 7 Plus and specific to iOS 10.3.3 and the latest iOS 11 beta. The best protection against this kind of brute-force attack is a six-digit or alphanumeric passcode: a six-digit code has a hundred times as many combinations as a four-digit one, and exhausting a long alphanumeric passcode could take many weeks or even months.
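To make the two regimes concrete, here is a small Python model of what the paragraphs above describe: the throttled Lock screen (escalating delays, wipe on the tenth failure) versus the unthrottled recovery screen, and why the passcode length matters. This is an added example written for this page, not code from the video, the $500 box or Apple. Two things are assumptions of mine rather than facts from the article: the Lock-screen delay schedule is the one Apple publishes in its iOS Security Guide, and the guess rate on the recovery screen is a caller-supplied parameter, because the article gives no figure.

```python
"""Cost model for brute-forcing an iPhone passcode (added example).

Illustrative code written for this article, not code from the video,
the $500 box or Apple. Assumptions, all mine and not from the article:
- the Lock-screen delay schedule follows the one Apple publishes in its
  iOS Security Guide: no delay for attempts 1-4, 1 minute after the 5th,
  5 minutes after the 6th, 15 minutes after the 7th and 8th, 1 hour after
  the 9th, and with "Erase Data" enabled a wipe on the 10th failure;
- the guess rate on the unthrottled "Press home to recover" screen is
  supplied by the caller, since the article gives no figure.
"""
import itertools
import string

# Seconds the Lock screen makes you wait after the Nth consecutive failure
# (schedule from Apple's iOS Security Guide, assumed here to be accurate).
LOCKSCREEN_DELAY_AFTER_FAILURE = {5: 60, 6: 5 * 60, 7: 15 * 60, 8: 15 * 60, 9: 60 * 60}
WIPE_ON_FAILURE = 10  # "Erase Data" setting: wipe on the 10th consecutive failure


def numeric_keyspace(digits):
    """Every all-digit passcode of the given length, in lexicographic order
    ("0000", "0001", ...), i.e. the naive order a dumb brute-forcer uses."""
    for combo in itertools.product(string.digits, repeat=digits):
        yield "".join(combo)


def keyspace_size(alphabet_size, length):
    """Number of candidate passcodes for an alphabet and length."""
    return alphabet_size ** length


def lockscreen_bruteforce(passcode, guesses):
    """Simulate guessing at the throttled Lock screen.

    Returns the outcome ("found", "wiped" or "exhausted"), the number of
    attempts made and the total seconds spent waiting on delays.
    """
    attempts = 0
    waited = 0
    for guess in guesses:
        attempts += 1
        if guess == passcode:
            return {"result": "found", "attempts": attempts, "waited_seconds": waited}
        if attempts >= WIPE_ON_FAILURE:
            # Tenth consecutive failure: the device erases itself.
            return {"result": "wiped", "attempts": attempts, "waited_seconds": waited}
        waited += LOCKSCREEN_DELAY_AFTER_FAILURE.get(attempts, 0)
    return {"result": "exhausted", "attempts": attempts, "waited_seconds": waited}


def unthrottled_bruteforce(passcode, guesses, attempts_per_second):
    """Simulate the recovery-screen loophole: no delays, no wipe.

    Returns the attempts made and elapsed seconds at the (assumed) guess
    rate, or None if the passcode is not in the keyspace tried.
    """
    for attempts, guess in enumerate(guesses, start=1):
        if guess == passcode:
            return {"attempts": attempts, "seconds": attempts / attempts_per_second}
    return None


def worst_case_seconds(alphabet_size, length, attempts_per_second):
    """Time to exhaust a whole keyspace on the unthrottled screen."""
    return keyspace_size(alphabet_size, length) / attempts_per_second


if __name__ == "__main__":
    rate = 1.0  # assumed: one guess per second; the article gives no rate
    print("Lock screen, passcode 0016:", lockscreen_bruteforce("0016", numeric_keyspace(4)))
    print("Recovery screen, passcode 0016:", unthrottled_bruteforce("0016", numeric_keyspace(4), rate))
    for digits in (4, 6):
        days = worst_case_seconds(10, digits, rate) / 86400
        print(f"{digits}-digit numeric, worst case at {rate}/s: {days:.1f} days")
    alnum = len(string.ascii_letters + string.digits)
    days = worst_case_seconds(alnum, 8, rate) / 86400
    print(f"8-char alphanumeric, worst case at {rate}/s: {days:,.0f} days")
```

At the Lock screen the naive sweep never reaches “0016”: it is the 17th candidate, but the device wipes on the tenth failure after the attacker has already sat through 96 minutes of delays. On the recovery screen the same sweep succeeds on attempt 17 with no waiting, and the only remaining defence is the size of the keyspace, which is why the advice above is a six-digit or alphanumeric passcode.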

TUTORIAL: How to set up a six-digit passcode on your iPhone

An attacker would need the $500 device and physical possession of your phone for potentially days before recovering your passcode. Although older devices and iOS versions are not affected, we fully expect Apple to release a fix for the vulnerability soon.

Earlier this week, iOS hacker “xerub” managed to extract the decryption key protecting the firmware of Apple’s Secure Enclave cryptographic coprocessor embedded in the iPhone 5s’s A7 chip, and posted it on GitHub. The key’s exposure lets security researchers examine the secret software running on the Secure Enclave.

User data along with other encryption keys securely stored in the Secure Enclave’s encrypted memory are not at risk of being decrypted, an Apple source said today.

Also relevant, iOS 11 includes a handy shortcut that lets you quickly disable Touch ID and require a passcode to unlock the device.

This could be an important feature should you ever find yourself in a dangerous situation because it ensures that the phone cannot be forcefully unlocked with a fingerprint. For those wondering, the police can force you to unlock your phone using your fingerprint, but they legally can’t force you to do that when using a passcode.
