Since iOS 8 rolled out in 2014, iPhone and iPad devices are protected with encryption, without providing passcode it is quite impossible to unlock the device. If the user enters more than 10 times a wrong passcode, the Apple device is wiped. Now the security researcher Matthew Hickey, co-founder of Hacker House, devised a technique to bypass the limitation of the number of wrong passcodes, even on the latest iOS version (iOS 11.3). The attack technique devised by Hickey can be effective against devices protected with six-digit passcodes, but it is slow, running about one passcode between three and five seconds each or over a hundred four-digit codes in an hour it would take weeks to unlock the device.
Newer Apple devices implement a hardware-based component that’s isolated from the main processor to provide an extra layer of security, it is also used to keeps count of the number of wrong passcodes the user entered and gets slower at responding with each failed attempt. Hickey explained that when an iPhone or iPad is plugged in, every keyboard input is managed by the device with the highest priority over other processes on the device. “If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he told ZDNet. If the attacker sends all the passcodes in one single string by enumerating each code from 0000 to 9999 with no spaces, the iOS gives the keyboard input routine priority over the device’s data-erasing feature. This implies that this trick works only after the device is booted up because there are more routines running.
Hickey reported the bug to Apple but still hasn’t received any reply, he also published a video PoC of its attack.
Apple is implementing a new feature dubbed USB Restricted Mode to improve the security of its device, it is going to lock down the iPhone’s data port to avoid unauthorized access, but experts observed that in this way password-cracking tools used by forensics experts will be no more effective.
Security Affairs
Security Researchers demonstrated how a “poisoned” cellphone battery in smartphones can be leveraged to “infer characters typed on a touchscreen
H μπαταρία του κινητού σου ξέρει τι κάνεις και μπορεί να το πει
Newer Apple devices implement a hardware-based component that’s isolated from the main processor to provide an extra layer of security, it is also used to keeps count of the number of wrong passcodes the user entered and gets slower at responding with each failed attempt. Hickey explained that when an iPhone or iPad is plugged in, every keyboard input is managed by the device with the highest priority over other processes on the device. “If you send your brute-force attack in one long string of inputs, it’ll process all of them, and bypass the erase data feature,” he told ZDNet. If the attacker sends all the passcodes in one single string by enumerating each code from 0000 to 9999 with no spaces, the iOS gives the keyboard input routine priority over the device’s data-erasing feature. This implies that this trick works only after the device is booted up because there are more routines running.
Hickey reported the bug to Apple but still hasn’t received any reply, he also published a video PoC of its attack.
Apple is implementing a new feature dubbed USB Restricted Mode to improve the security of its device, it is going to lock down the iPhone’s data port to avoid unauthorized access, but experts observed that in this way password-cracking tools used by forensics experts will be no more effective.
Security Affairs
Security Researchers demonstrated how a “poisoned” cellphone battery in smartphones can be leveraged to “infer characters typed on a touchscreen
H μπαταρία του κινητού σου ξέρει τι κάνεις και μπορεί να το πει
ΚΑΛΗΣΠΕΡΑ,ΤΟ ΜΟΝΟ ΠΟΥ ΜΠΟΡΩ ΝΑ ΣΚΕΦΘΩ ΕΙΝΑΙ ΠΩΣ ΤΟ ''hardware-based component'' ΕΙΝΑΙ ΕΝΑ ΟΛΟΚΛΗΡΩΜΕΝΟ ΚΥΚΛΩΜΑ FPGA,ΤΟ ΟΠΟΙΟ ΣΤΗΝ ΠΕΡΙΠΤΩΣΗ ΑΥΤΗ ΔΟΥΛΕΥΕΙ ΚΑΙ ΣΑΝ ΜΕΤΡΗΤΗΣ (COUNTER) ΑΠΟΤΥΧΗΜΕΝΩΝ ΠΡΟΣΠΑΘΕΙΩΝ.Η ΠΡΟΤΕΡΑΙΟΤΗΤΑ ΠΑΡΕΧΕΤΑΙ ΣΤΗΝ ΠΡΩΤΗ ΠΕΡΙΦΕΡΕΙΑΚΗ ΣΥΣΚΕΥΗ (ΣΤΗΝ ΠΕΡΙΠΤΩΣΗ ΜΑΣ ΣΥΣΚΕΥΗ ΕΙΣΟΔΟΥ - ΠΛΗΚΡΟΛΟΓΙΟ) ΑΙΤΟΥΜΕΝΗ ΕΞΥΠΗΡΕΤΗΣΗ.Ο ΚΩΔΙΚΑΣ ΕΙΝΑΙ ΓΡΑΜΜΕΝΟΣ ΕΤΣΙ ΩΣΤΕ ΝΑ ΤΗΝ ΔΙΝΕΙ ΣΤΟ BOOT UP.Η MH ΑΝΑΜΕΙΞΗ ΤΟΥ FPGA ΚΑΙ ΓΕΝΙΚΑ ΤΗΣ CPU,ΜΟΥ ΘΥΜΙΖΕΙ ΛΙΓΟ ΤΗΝ ΛΕΙΤΟΥΡΓΕΙΑ DMA (DIRECT MEMORY ACCESS) ΣΤΗΝ ΟΠΟΙΑ ΤΟ ΠΕΡΙΦΕΡΕΙΑΚΟ ΑΠΟΚΤΑ ΤΗΝ ΑΠΟΚΛΕΙΣΤΙΚΗ ΔΙΑΧΕΙΡΙΣΗ (ΕΛΕΓΚΤΗΣ DMA).
ReplyDelete-ΔΗΜΗΤΡΑ-