Despite the efforts made by Apple to protect its systems and devices from breaches and hackers, but from time to time a veteran hacker can penetrate the fortified defenses. Which proves that the challenge against Apple and its protection system will remain until the end. We mentioned in news on the sidelines, for example, that a hacker was able to jailbreak the iOS 12 beta. Today, a hacker does a dangerous trick by which he can exceed the maximum limit for entering the password to unlock the iPhone! How was this done?
It is known that Apple only allows ten wrong attempts to enter the password to unlock the iPhone-lock, then after those failed attempts the system automatically wipes all the contents that are on it forever (if you choose this command from the settings) or stop the iPhone for very long periods of up to tens The years
This security measure is among the security rules and privacy protection that Apple has established in its systems. The truth is that this issue exhausted and angered security forces around the world, especially the US Federal Investigation Department, as they want to access the contents of the suspects' or accused's phones, and this is only done by entering the password endlessly so that they can unlock the phone without any restrictions. However, Apple and other companies prevented that and set limits for entering passwords. ”Even Apple itself does not have access to the user’s passcode, and only the owner of the device can unlock his device. That is why these companies resorted to expensive devices to be able to unlock the phone, and from these devices that we talked about in previous articles GrayKey device.
Matthew Hickey, a security researcher and co-founder of cybersecurity company Hacker House, has uncovered a potential way to bypass the security limits allowed for the number of times an iPhone unlock code is entered, allowing him to enter the largest number of passcodes even on recent versions like iOS 11.4 so you can Unlock the iPhone.
In order to do this, Hickey used an external keyboard only and used it to type in the password instead of the keyboard on the iPhone screen. Thus, you can enter as many passwords as you want, without a maximum limit, to be able to unlock the device.
You can watch the video
It seems that this method works, but it is not of a huge risk because the input is slow and the sites estimated that you can try 100 passwords per hour, for example, but in the end the method works and may be very dangerous because there are many users who did not update to iOS 11.4 because they are waiting for the jailbreak. But certainly Apple will close this loophole, or indeed close it, because it appears in the video that the hacker is running on a system 11.3, so perhaps its vulnerability was closed in 11.4. In general, rest assured, and in iOS 12, you will get a new protection layer, which is to prevent connection to USB devices if more than an hour has passed since the last use of the device.
Are you worried about vulnerabilities appearing in iOS? What do you think of this vulnerability to bypass the maximum password experiment?
Sources:
This is what appears and what is hidden is the greatest
It is impossible if you see the video on Photoshop, you will know that I have tried the broken back.
Thank you, Professor Mahmoud for the article and the explanation.
I liked the addition .. that Apple published a brief explanation this morning (in a response to a professional journalist) about the issue, including its content: “This is not a security vulnerability, but rather it is the result of an error .. and a defect in the implementation mechanism from the security researcher himself.”
So that some security researchers indicated that the way it entered passwords made the system not actually count these attempts (and considered them empty entries) .. and thus explain the matter that prevented the device from stopping (since it did not reach XNUMX experiments for the wrong password) .. What makes the loophole Not really a loophole.
I apologize if the expression did not help me in conveying the image more clearly .. by virtue of some technical expressions.
For those who are fluent in English, you can see the complete and clear text from here.
https://t.co/9M3wvVJ7nQ
Or in case the brothers wanted (or did) to translate it and publish it as an explanatory appendix ..
good greeting
Thank you very much, brother Ismail .. Your comments are very important and useful, as usual
Guys, what is the solution for the App Store? I try to buy from saliva, and it gives me no, what is the solution?
Brother Simo Sen completely agrees
I think the vulnerability is a failed and bankrupt
The reason is to be shown on the media!
Successful methods are sold to organizations that matter
And in fantastic amounts!
Usually security experts reveal any vulnerability after making sure that it is closed in subsequent releases .. in order to avoid using it incorrectly .. which is a fundamental rule of the ethical hacker ..
The second option is to send it to the parent company and to obtain a financial reward for discovering it or a public acknowledgment (depending on each company).
good greeting
Then mobile if you entered 10 times the line symbol enter
If you remember four of the numbers, wait 10 years for it to open
Forgot
Four numbers in this period
This is if the iPhone remembers that it exists, hahaha
If you skip the ten attempts, you will have to restore the device
What I understood from your words is that if the charger is not from Apple, the update to iOS 12 stops charging within an hour, is this correct? Means the place of shipment from anchor company
Charging stops and how?
Rather, any charger, whether from Apple or any third-party company.
The feature prevents you from accessing or sending any information to and from the device (but does not affect the battery charging function)
good greeting
I liked his method very much :)
The privacy issue does not concern me, Apple has reached a high level of security now + its interest and intensification of its efforts to increase security and fill gaps in every update that satisfies me
Thank you, brother Mahmoud Sharaf
The issue of privacy with Apple does not bother me at all because what is available from the privacy capabilities so far satisfies me very much, unlike the next conversation that contains the most 👍 As for this vulnerability, I always make immediate updates as soon as the update is released 😊
After ten attempts, what will happen if the wipe data is locked?
If you have the Touch ID and Passcode settings turned on, delete the data, delete all data and land on iPhonm
Shuts off
And it works
And then iPhone comes back again without iTunes
I said if it unlocked :)
In case you skipped the ten attempts .. the device will be stopped from working and therefore you will have to do a restore to restore it .. even if you turn off the data wipe feature .. (Enter “Disabled mode”)
The only difference is that when activating it, it deletes the data directly even before performing the restore ..
good greeting
Thank you
The correct one is the iPhone, not iPhonm