A security researcher has found a way to circumvent the limit on wrong password attempts on iOS using only a Lightning cable. The hack exploits how the operating system prioritises tasks and allows the attacker to simply brute force their way into the device.
Researcher Matt Hickey discovered that iPads and iPhones prioritise keyboard input while plugged in, so much so that a steady stream of input is capable of overriding the security protocols that lock the phone after 10 wrong password inputs. In other words, the key is to send all password guesses in a single massive string.
Apple has been alerted to the exploit, although the company is disputing the method. A spokesman said that the result was an error and likely due to incorrect testing. No further explanation was provided.
That said, Apple is rolling out a new USB Restricted Mode with iOS 12, which limits cable access to the device. It’s unclear if this will prevent the exploit from being used, although it already sounds like the company doesn’t believe that this is even possible at the moment.