contador web Saltar al contenido

Researcher discovers bug that allows to circumvent important iOS security feature; Apple denies [atualizado]

Recently, we gave a very important tip here on the website related to the resource ?Erase Data? iOS. If you have not read the article, I suggest you go there and then return. ?

Well then. The security researcher Matthew Hickey claimed to have discovered a flaw in Apple's mobile operating system which allows it to work around this feature if it is enabled, according to ZDNet. Also according to Hickey, his raw force technique works at least until iOS 11.3.

Normally, as we explained in the article linked above, the ?Erase Data? feature protects iOS as follows: when you miss the code for the fifth time in a row, iOS is inactive for 1 minute until someone can enter the code again to try to unlock the device (since, during this inactivity, everything you can do with the iPhone to call an emergency service); on the sixth error, iOS is inactive for 5 minutes; in the seventh error, 15 minutes; and the numbers will increase in such a way that to enter 10x the password incorrectly, it will take 3 hours.

Hickey, however, explained that when an iPhone or an iPad is connected to a computer or device that can control inputs on the device, a hacker can send commands from the keyboard and trigger a kind of interrupt request, which takes precedence over anything else on the device. Roughly speaking what happens that, instead of sending one code at a time and waiting, several would be sent at once, circumventing the protection feature of iOS. "If you send your attack from brute force in a long sequence of entries, it will process all of them and circumvent the erasure feature."

See the problem demonstration in the video below:

https://vimeo.com/276506763

In this way, Hickey was able to send all possible combinations of user passwords at once, enumerating each code from 0000 to 9999 concatenating the results in one string without spaces. He explained that, as this does not cause interruptions in the software, the keyboard input routine takes precedence over the feature that erases data from the device.

In the beta versions of iOS 11.4.1 and iOS 12, Apple is testing the USB Restricted Mode feature, which prevents an iOS device from syncing via USB if it is locked for a period of 1 hour. Such a feature helps to protect the device from the flaw discovered by Hickey but does not resolve it, as someone could very well plug the iPhone / iPad into a USB device before the device is locked after those 60 minutes.

Hickey sent an email to Apple with all the details of the bug, stating that this is not a difficult problem to identify. Without giving too many details and seeing that the case is gaining media, Apple just said that "the recent report about bypassing the password on the iPhone was an error, a result of incorrect testing."

What, exactly, Apple meant by this is difficult to know after all, as we can see in the video above, Hickey ?killed the snake and showed the stick?.

It also remains to be seen whether devices running iOS 11.4 or higher are protected against this possible invasion by the researcher's statement, the bug affects iOS 11.3 or lower versions (but it was not clear whether he was only able to test up to that version of the software or if the upper ones are really protected against failure).

via iDownloadBlog

Update 06/24/2018 s 23:59

The researcher himself explained things.

According to him, although it seems so, the tool was not really testing so many passwords. And this was happening precisely because of the protection of iOS against attacks from outside the iOS interface was showing "errors" when the password was entered and, therefore, there was no reason for the "Erase Data" feature to go into action.

tip from Bruno Carvalho