The world of new technologies has to the point that exciting news spread very quickly. Therefore, it sometimes happens that some reports are later denied by experts. This was the case with the recently discovered “vulnerability” for the iPhone, which really was not. The attacker simply tested it badly.

Matthew Hickey, founder of Hacker House, a few days ago bragged the world with the brute force attack method, which bypassed Apple’s protection cleansing the memory of the iPhone after 10 incorrect attempts to enter the code. The test procedure looks reliable. The author of the attack suspected that it would be enough to send a string containing all possible codes using the Lightning connector. In the case of 6-digit security, a string of 000000000001000002 …. 999999 would have to be generated. However, the iPhone would independently analyze each six separately and after finding the right combination, overwrite the command ordering to clean the smartphone. At least that was the result of analyzing what was visible on the screen. In fact, iOS treated the whole string as a one-time code.

Matthew Hickey confessed to erroneously testing the attack

The whole problem is that Matthew Hickey has not demonstrated a successful brute force attack. The only thing he demonstrated is the ability to manually unlock the iPhone (using the correct code) after sending a string of digits. In fact, Apple’s smartphone interpreted the entire attack as a one-time attempt to enter the code. However, correctly entered code was counted as sample number 2. The author of the failed attack admitted the error.

Throughout the test procedure, there was no successful attempt to unlock the iPhone with a brute force attack. The problem is that testing all combinations from 000000 to 999999 would take 92 weeks, or almost 2 years. However, Matthew Hickey did not have to wait so long to confirm his thesis or to deny it. All you had to do was modify the string of characters used for the attack so that, for example, 20 codes would be the correct combination. Matthew Hickey would then be convinced that his attack did not work.

Source: HackerFantastic

Share This: