Security Researcher Discovers Method for Brute Forcing iPhone Passcode in iOS 11

A USB-based vulnerability that allows for the brute forcing of a passcode on an iOS device has been discovered by security researcher Matthew Hickey, reports ZDNet.

The method, which bypasses the 10-attempt limit that erases an iOS device when the setting is enabled, allows a hacker to plug an iPhone or iPad into a computer and send all passcodes, from 0000 to 9999, all at once, triggering an input routine that takes priority over anything else on the device. Hickey demonstrated the hack in a video.

“Instead of sending passcodes one at a time and waiting, send them all in one go,” he said.

“If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he explained.

All that’s required to use this brute force password cracking method is an iPhone or iPad that’s turned on and locked and a Lightning cable, according to Hickey. It works on iOS devices up to iOS 11.3.

Hickey’s iPhone cracking method takes between three and five seconds for each four-digit passcode, which means it’s slow and not as advanced as other passcode cracking methods employed by companies like Grayshift, which makes the GrayKey box. For this method to guess a six-digit passcode, Hickey says it would take weeks.

Apple in iOS 12 is introducing a new USB Restricted Mode that may put a stop to the vulnerability that Hickey has discovered, as well as vulnerabilities exploited by tools like the GrayKey Box.



With USB Restricted Mode, enabled by default on iOS devices running iOS 12, USB access to an iPhone or iPad is cut off if it’s been more than an hour since the device was last unlocked.

That means computers and other accessories can’t be used to access a locked iPhone if it’s been locked for over an hour, disabling access via a USB to Lightning cable.

Reddit is testing a news tab in its iOS app

Reddit is making it simpler to find news on the platform with a beta test of a news tab in its iOS app. You might not always want to sift through personal essays and cat photos to find news from your favorite subreddits. So, Reddit is pulling from a…

‘Fortnite’ could partially lose the one thing that makes it unique

To build, or not to build? In 2011, Epic Games took a gamble on an unconventional survival shooter called Fortnite. The far-reaching maps and signature weaponry were all there in the main game, but a new breed of battle royale would shake up the genr…

Bing can use your phone camera to search the web

Microsoft isn't about to let Google's visual search features go uncontested. The tech giant has introduced a Visual Search feature to Bing that uses your phone's camera (either a fresh shot or from your camera roll) to identify objects and serve up…

Car Consortium That Includes Apple Announces Digital Car Key Specification for Smartphones

The Car Connectivity Consortium (CCC), an organization that includes Apple, today announced the publication of a new Digital Key Release 1.0 specification, which is a standardized solution designed to let drivers download a digital vehicle key onto their smartphones.

Described as an organization focused on enabling seamless mobile device-to-vehicle connectivity, the CCC’s new Digital Key Release specification is available to all member companies.



In addition to Apple, this includes charter member companies Audi, BMW, General Motors, HYUNDAI, LG Electronics, Panasonic, Samsung, and Volkswagen, plus core members like ALPS ELECTRIC, Continental Automotive GmbH, DENSO, Gemalto, NXP, and Qualcomm Incorporated.

The new Digital Key specification, which uses NFC, was developed to create a “robust ecosystem” around interoperable digital key use cases. It will let drivers lock, unlock, start the engine, and share access to their cars using smart devices like the iPhone with reliable user authentication methods.

It is a secure system that lets vehicle manufacturers transfer a digital key implementation to a smart device using a Trusted Service Manager infrastructure that leverages NFC distance bounding and a direct link to the secure element of the device. This kind of technology has a wide range of uses, such as car sharing and car rentals, along with key-free operation.

Given the interest in the initial release, the CCC has begun work on a Digital Key 2.0 specification that will offer a standardized authentication protocol between a vehicle and a smart device, ensuring interoperability between different smart devices and vehicles. The Digital Key 2.0 specification has a target completion date of Q1 2019.

Several car manufacturers, such as Audi, already offer Digital Key services to their customers, while others, like Volkswagen, plan to implement the feature in the near future.

Apple slapped with $6.6M fine in Australia over bricked devices

Apple has been fined AUS$9M (~$6.6M) by a court in Australia following a legal challenge by a consumer rights group related to the company’s response after iOS updates bricked devices that had been repaired by third parties.

The Australian Competition and Consumer Commission (ACCC) investigated a series of complaints relating to an error (‘error 53’) which disabled some iPhones and iPads after owners downloaded an update to Apple’s iOS operating system.

The ACCC says Apple admitted that, between February 2015 and February 2016 — via the Apple US website, Apple Australia’s staff in-store and customer service phone calls — it had informed at least 275 Australian customers affected by error 53 that they were no longer eligible for a remedy if their device had been repaired by a third party.

The court judged Apple’s action to have breached the Australian consumer law.

“If a product is faulty, customers are legally entitled to a repair or a replacement under the Australian Consumer Law, and sometimes even a refund. Apple’s representations led customers to believe they’d be denied a remedy for their faulty device because they used a third party repairer,” said ACCC commissioner Sarah Court in a statement.

“The Court declared the mere fact that an iPhone or iPad had been repaired by someone other than Apple did not, and could not, result in the consumer guarantees ceasing to apply, or the consumer’s right to a remedy being extinguished.”

The ACCC notes that after it notified Apple about its investigation, the company implemented an outreach program to compensate individual consumers whose devices were made inoperable by error 53. It says this outreach program was extended to approximately 5,000 consumers.

It also says Apple Australia offered a court enforceable undertaking to improve staff training, audit information about warranties and Australian Consumer Law on its website, and improve its systems and procedures to ensure future compliance with the law.

The ACCC further notes that a concern addressed by the undertaking is that Apple was allegedly providing refurbished goods as replacements, after supplying a good which suffered a major failure — saying Apple has committed to provide new replacements in those circumstances if the consumer requests one.

“If people buy an iPhone or iPad from Apple and it suffers a major failure, they are entitled to a refund. If customers would prefer a replacement, they are entitled to a new device as opposed to refurbished, if one is available,” said Court.

The court also held the Apple parent company, Apple US, responsible for the conduct of its Australian subsidiary. “Global companies must ensure their returns policies are compliant with the Australian Consumer Law, or they will face ACCC action,” added Court.

We’ve reached out to Apple for comment on the court decision and will update this post with any response.

A company spokeswoman told Reuters it had had “very productive conversations with the ACCC about this” but declined to comment further on the court finding.

More recently, Apple found itself in hot water with consumer groups around the world over its use of a power management feature that throttled performance on older iPhones to avoid unexpected battery shutdowns.

The company apologized in December for not being more transparent about the feature, and later said it would add a control allowing consumers to turn it off if they did not want their device’s performance to be impacted.

macOS ‘Quick Look’ Bug Can Leak Encrypted Data Through Thumbnail Caches

A long-standing bug in macOS’s Quick Look feature has the potential to expose sensitive user files like photo thumbnails and the text of documents, even on encrypted drives, according to security researchers.

Details on the Quick Look flaw were shared earlier this month by security researcher Wojciech Regula and over the weekend on security researcher Patrick Wardle’s blog (via The Hacker News).

Quick Look in macOS is a convenient Finder feature that’s designed to present a zoomed-in view when you press the space bar on a photo or document that’s selected.

To provide this preview functionality, Quick Look creates an unencrypted thumbnail database where thumbnails of files are kept, with the database storing file previews from a Mac’s storage and any attached USB drives whenever a folder is opened. These thumbnails, which provide previews of content on an encrypted drive, can be accessed by someone with the technical know-how, and there’s no automatic cache clearing that deletes them. As Regula explains:

“It means that all photos that you have previewed using space (or Quicklook cached them independently) are stored in that directory as a miniature and its path. They stay there even if you delete these files or if you have previewed them in encrypted HDD or TrueCrypt/VeraCrypt container.”

This is an issue that’s existed for at least eight years and concerns have been raised about it in the past, but Apple has made no changes in macOS to address it. “The fact that behavior is still present in the latest version of macOS, and (though potentially having serious privacy implications), is not widely known by Mac users, warrants additional discussion,” writes Wardle.

As Wardle points out, this information is valuable in law enforcement investigations, but most users are not going to be happy to learn that their Mac records file paths and thumbnails of documents from every storage device that’s been attached to it.

“For a forensics investigation or surveillance implant, this information could prove invaluable. Imagine having a historic record of the USB devices, files on the devices, and even thumbnails of the files…all stored persistently in an unencrypted database, long after the USB devices have been removed (and perhaps destroyed). For users, the question is: ‘Do you really want your Mac recording the file paths and “previews” thumbnails of the files on any/all USB sticks that you’ve ever inserted into your Mac?’ Me thinks not…”

It’s worth noting that if the main drive on the Mac is encrypted, the Quick Look cache that’s created is too. Wardle says that data “may be safe” on a machine that’s powered off, but on a Mac that’s running, even if encrypted containers are unmounted, the caching feature can reveal their contents.

“In other words, the increased security encrypted containers were thought to provide, may be completely undermined by QuickLook,” writes Wardle.

Wardle recommends that users concerned about unencrypted data storage clear the Quick Look cache manually whenever a container is unmounted, with instructions for this available on Wardle’s website. It’s also worth checking out Wardle’s site for full details on the Quick Look bug.
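As an added example (not code from Regula, Wardle or Apple), the following Python sketch shows how a user could audit their own Quick Look cache index for records left behind by volumes that are no longer mounted. The `files` table and its `folder` and `file_name` columns are an assumption about the cache's SQLite index and should be checked against the real database; the sample rows are constructed.

```python
import sqlite3
from collections import Counter


def leftover_volume_entries(conn, mounted_volumes):
    """Count cached file records per /Volumes/<name> that is no longer mounted.

    Assumes a `files` table with `folder` and `file_name` columns
    (an assumption about the cache index; confirm with `.schema` first).
    """
    rows = conn.execute(
        "SELECT folder, file_name FROM files WHERE folder LIKE '/Volumes/%'"
    )
    leftovers = Counter()
    for folder, _file_name in rows:
        parts = folder.split("/")  # ['', 'Volumes', '<name>', ...]
        volume = parts[2] if len(parts) > 2 else ""
        if volume and volume not in mounted_volumes:
            leftovers[volume] += 1
    return dict(leftovers)


def build_sample_db():
    """Constructed sample data standing in for a real cache index."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (folder TEXT, file_name TEXT)")
    conn.executemany(
        "INSERT INTO files VALUES (?, ?)",
        [
            ("/Users/alice/Pictures", "holiday.jpg"),
            ("/Volumes/SecretContainer/scans", "passport.png"),
            ("/Volumes/SecretContainer/docs", "contract.pdf"),
            ("/Volumes/Backup", "notes.txt"),
        ],
    )
    return conn


if __name__ == "__main__":
    # "Backup" is treated as still attached; "SecretContainer" was unmounted.
    report = leftover_volume_entries(build_sample_db(), mounted_volumes={"Backup"})
    for volume, count in report.items():
        print(f"{volume}: {count} cached record(s) remain after unmount")
```

If the audit reports leftovers, macOS's own `qlmanage -r cache` command resets the thumbnail disk cache.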

iOS 12 will automatically share your location during 911 calls

Apple is joining Google, Uber and others in providing accurate location data that could save your life in an emergency. The company has revealed that iOS 12 will automatically (and importantly, securely) share your location with first responders dur…