Security is at top of mind for many of use these days. Even though we might not have anything to hide from law enforcement, we don’t necessarily want them to have a backdoor way to unlock our phones. For those of us on the right side of the law, we shouldn’t have to worry too much. But if you find yourself on the wrong side of the law (for whatever reason), you should know that they have ways. Matthew Hickey, a security researcher and co-founder of the cybersecurity firm Hacker House, has managed to find a way to force his way into an iPhone or iPad that’s running iOS 11.
As you’re well aware, Apple has security measures in place (including hardware and software) that ensures hackers are unable to bypass the passcode in order to gain unauthorized access to a locked iOS device. Hackers continue to try to find a way into your iPhone, but Apple has done a pretty good job of thwarting these attempts by using dedicated security chips on their devices. Known as Secure Enclave chips, it keeps a count of the number of times an incorrect passcode is entered. It will then make it more difficult for you to enter your passcode. You might be aware that if you attempt to unlock an iPhone, unsuccessfully, 10 times, the device will be wiped completely.
That said, Matthew Hickey has found a way to bypass all of these measures. What does he need? A lightning phone and the device to be turned on. His hack works on all iPhones and iPads run-in iOS 11.4 or later. He explains that when a keyboard input is sent to an iPhone or iPad, there is an interrupt request that takes priority over any other action on the device. In order for this to work, a hacker needs to take advantage of this interrupt request and send one long string of inputs instead of sending one passcode at a time.
An attacker can send all the passcodes in one go by enumerating each code from 0000 to 9999 in one string with no spaces. Because this doesn’t give the software any breaks, the keyboard input routine takes priority over the device’s data-erasing feature, he explained.
This particular hack can work with six-digit passcodes. It’s not a fast process, but it can run about one hundred, four-digit codes in an hour – to put things into perspective. The problem that Hickey may run into is whether or not this will work with iOS 12. You may remember that Apple is attempting to put another stop to this with that release. That said, Hickey isn’t attempting to use this for financial gain. In fact, he’s informed Apple about the bug and said that it wasn’t a difficult one to identify.
Where does law enforcement come in? All I’m suggesting is that if someone can develop one of these hacks, it won’t be long before someone from a law enforcement agency has access to the technology. For better or for worse. In this case, Hickey has notified Apple, which means he wants Apple to beef up their security, and not use this for his own benefit.