By Le Williams | 2 years ago
Matthew Hickey, co-founder of the security firm Hacker House, revealed on Twitter a purported method to bypass the iOS passcode attempt limits when passing data via a Lightning connection.
According to Hickey, the alternative to attempting different passcode combinations individually is to send all the possible combinations as one enormous string of numbers.
Under this method, the Secure Enclave will test all passcode combinations, as though the user had an infinite number of tries.
Hickey explained the hack on Twitter and posted a link to a video demonstrating the exploit. “Apple IOS <= 12 Erase Data bypass, tested heavily with iOS11, brute force 4/6digit PIN’s without limits (complex passwords YMMV) https://vimeo.com/276506763 – demo of the exploit in action,” Hickey wrote in a tweet.
Apple told AppleInsider that “the report was erroneous and a result of incorrect testing”.
While Apple provided a basic statement to AppleInsider in response to the alleged exploit, the tech giant has notably communicated with Hickey.
Following a response to Hickey, the security researcher stated that, in practice, it simply looked as though dozens of PINs were being tested but, in truth, only a small number were.
“It seems @i0n1c may be right, the pins don’t always go to the SEP in some instances (due to pocket dialing / overly fast inputs) so although it “looks” like pins are being tested they aren’t always sent and so they don’t count, the devices register less counts than visible @Apple,” Hickey added in a follow-up statement on Twitter.