Apple will soon bring the controversial USB Restricted Mode to iPhone and iPad devices with the rollout of iOS 12 later this year. This toggle in the settings will cut off communication through the USB port when the phone has not been unlocked in an hour. With the move, Apple was preventing the use of brute-force attacks to guess the passcode, a method commonly employed by law enforcement authorities and security agencies to crack a locked iPhone. The company had said it was aiming to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources, and to head off further spread of the attack technique. Despite this upcoming fix to the brute force, an ethical hacker posted a demonstration of a brute-force passcode attack on devices running versions lower than iOS 12. He claimed to have bypassed current protections by sending passcodes combinations at once. Apple replied to the claim by refuting the method, calling it “incorrect testing”.
Matthew Hickey, who goes by the pseudonym @hackerfantastic, took to Twitter on Saturday to showhow the iPhone’s passcode could be bypassed with a simple hack. In a Vimeo video, Hickey is seen connecting a Lightning cable to an iPhone running the latest stable version of iOS 11.3. He also shows, in Settings, that the Erase Data (on multiple wrong attempts) option has been switched on. He then runs his software which sends all passcode attempts ranging from 0000 to 9999 to the iPhone at once, instead of once at a time. The one-minute video shows that the iPhone gets unlocked within seconds of running the software.