The world of new technologies has to the point that exciting news spread very quickly. Therefore, it sometimes happens that some reports are later denied by experts. This was the case with the recently discovered “vulnerability” for the iPhone, which really was not. The attacker simply tested it badly.
Matthew Hickey, founder of Hacker House, a few days ago bragged the world with the brute force attack method, which bypassed Apple’s protection cleansing the memory of the iPhone after 10 incorrect attempts to enter the code. The test procedure looks reliable. The author of the attack suspected that it would be enough to send a string containing all possible codes using the Lightning connector. In the case of 6-digit security, a string of 000000000001000002 …. 999999 would have to be generated. However, the iPhone would independently analyze each six separately and after finding the right combination, overwrite the command ordering to clean the smartphone. At least that was the result of analyzing what was visible on the screen. In fact, iOS treated the whole string as a one-time code.
Apple IOS <= 12 Erase Data bypass, tested heavily with iOS11, brute force 4/6digit PIN's without limits (complex passwords YMMV) https://t.co/1wBZOEsBJl – demo of the exploit in action.
— Hacker Fantastic (@hackerfantastic) June 22, 2018
Matthew Hickey confessed to erroneously testing the attack
The whole problem is that Matthew Hickey has not demonstrated a successful brute force attack. The only thing he demonstrated is the ability to manually unlock the iPhone (using the correct code) after sending a string of digits. In fact, Apple’s smartphone interpreted the entire attack as a one-time attempt to enter the code. However, correctly entered code was counted as sample number 2. The author of the failed attack admitted the error.
It seems @i0n1c maybe right, the pins don't always goto the SEP in some instances (due to pocket dialing / overly fast inputs) so although it "looks" like pins are being tested they aren't always sent and so they don't count, the devices register less counts than visible @Apple
— Hacker Fantastic (@hackerfantastic) June 23, 2018
Throughout the test procedure, there was no successful attempt to unlock the iPhone with a brute force attack. The problem is that testing all combinations from 000000 to 999999 would take 92 weeks, or almost 2 years. However, Matthew Hickey did not have to wait so long to confirm his thesis or to deny it. All you had to do was modify the string of characters used for the attack so that, for example, 20 codes would be the correct combination. Matthew Hickey would then be convinced that his attack did not work.
Source: HackerFantastic
