Researcher claims to bypass iPhone security limits, but may have spoken too soon

iphone x notch
Julian Chokkattu/Digital Trends

For a brief moment, it seemed as though a security researcher had found a way to get past the security limits on iPhones and iPads by entering an infinite number of passcodes in order to hack into a device. The purported vulnerability was apparently even present in the latest version of iOS, 11.3, but Apple has now pushed back on these claims, and the researcher also appears to be backtracking on his initial findings.

When attempting to access a locked iPhone or iPad, users generally have a set number of passcode attempts to make before being locked out. You can even set your Apple device to automatically erase its contents if a hacker continuously attempts to guess your passcode. But according to Hacker House cybersecurity firm co-founder Matthew Hickey, if an iDevice is plugged in and a hacker tries to send keyboard inputs, it sets off an interrupt request that supersedes all other commands on the device. This, Hickey said, would allows hackers to send every single possible passcode combination in a single string, and because it wouldn’t give Apple’s software any respite, the inputs would take priority over any data-erasing security feature.

“Instead of sending passcode one at a time and waiting, send them all in one go,” Hickey explained. “If you send your brute-force attack in one long string of inputs, it’ll process all of them and bypass the erase data feature.”

However, Apple’s spokesperson countered these claims, noting simply, “The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing.”

And a bit later, Hickey seemed to concede that his method may not have been entirely accurate. In a tweet, the security researcher explained that not all of the tested passcodes are ultimately sent to an iPhone or iPad’s secure enclave, which is responsible for guarding against these sorts of attacks.

“The [passcodes] don’t always go to the [secure enclave processor] in some instances — due to pocket dialing [or] overly fast inputs — so although it ‘looks’ like pins are being tested, they aren’t always sent and so they don’t count, the devices register less counts than visible,” he noted.

Hickey said that when he attempted to verify his methods, he found where he may have gone wrong: “I went back to double check all code and testing. When I sent codes to the phone, it appears that 20 or more are entered but in reality it’s only ever sending four or five pins to be checked.”

In any case, Apple will soon be debuting another security feature called USB Restricted Mode, which should make it much more difficult for folks to access an iPhone or iPad.

Computing

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.
Computing

The next Microsoft Surface Pro could have a redesigned kickstand hinge

A Microsoft patent could provide additional details on the hinge of the next Surface Pro. The patent describes "secured device portions" and the inner workings of a hinge mechanism for a device in space-constrained environments. 
Deals

Here are the 5 of the best antivirus solutions for your small business

Getting your business off the ground is hard enough, and dealing with viruses, hackers, and security breaches only makes it harder. These 5 antivirus solutions can help keep you protected.
Computing

Share encrypted files via Mozilla’s Firefox Send, a free file-sharing service

Software developer Mozilla has announced the release of its new, free file-sharing service, Firefox Send. It is expected to offer users a number of security features aimed at sending even large files for free.
Mobile

FCC to help first responders pinpoint 911 callers in multistory buildings

When someone calls 911 from their cell phone, wireless carriers provide operators with an approximate location. Now the FCC wants the carriers to provide vertical location data to pinpoint 911 callers inside multi-story buildings.
Mobile

Latest Samsung Galaxy smartphone will pop up on April 10

Samsung will show at least one new Galaxy phone off on April 10, it has confirmed in a teaser tweet. The Galaxy A90 may make its first appearance, and it's rumored to have a pop-up camera and a notch-less screen.
Mobile

Leaked ZTE concept phones are crazy, possibly fake, and totally worth seeing

Renders of what may be ZTE concept phones may show how the manufacturer could avoid using the notch on future devices. They're crazy -- and maybe not even real -- but they're definitely worth looking at.
Mobile

The iPad Mini, Apple’s tiny tablet, makes a return with powerful specs

Apple has finally revealed the iPad Mini. With all-new and upgraded specs, support for the Apple Pencil, and a fantastically inclusive price, here's everything you need to know about the iPad Mini.
Mobile

The Apple iPad Air is the power-packed tablet for everyone

The iPad Air is the less serious cousin to Apple's iPad Pro range, and it's the perfect addition to your coffee table. But it's no less powerful. Here's everything you need to know about the iPad Air.
Mobile

Get excited for your Sony Xperia 10 or 10 Plus by getting it set up just right

If you've picked up one of the Sony's more affordable smartphones, you may be be wondering what hidden depths lie within. We've got some handy Sony Xperia 10 tips for you here to help you get to grips with your new phone.
Deals

This is the one thing you need to do before giving your child a smart phone or tablet

Monitoring your kids' digital habits can be a challenge in today’s high-tech age, but great parental control software like Qustodio gives parents a much-needed advantage Read on to find out how you can protect your child from online…
Mobile

How to choose an iPad in 2019: A practical guide to Apple’s tablets

Selecting an iPad from Apple's lineup can be intimidating, but it doesn't have to be. Our comprehensive guide should put the numbers and specs in practical, easy-to-understand terms. Find your ideal iPad with the help of our guide.
Mobile

These voice-changing apps will have you punking friends and family like a pro

Have you ever wanted to call your friends as Darth Vader or Alvin from the Chipmunks? If you want to play a prank on your friends, we have the best voice-changer apps for iOS and Android, whether you want to record audio or make a call.
Mobile

Apple’s new iPads are hardly new at all. Don’t waste your money

It has taken Apple four years to get around to updating the iPad Mini line, but the new iPad Mini is virtually identical to its predecessor. It’s joined by a confusing iPad Air with no obvious target audience. Is Apple just trying to sell…