According to report of foreign media ZDNet, a safe researcher had thought up method to bypass safe mechanism of the system, force breaks solution code.
Since since IOS 8 system was released 2014, all IPhone and IPad contain equipment to add close function. They have 4 digit or the code protection of 6 digit normally, as a result of the union of this kind of hardware and software, if do not have machine advocate cooperate, invade IPhone or IPad almost impossibly.
If the password number of input mistake is too much, equipment data is met be kept clear of automatically.
But network safety is the associated author of company Hacker House, safe researcher horse repairs · to hope base (Matthew Hickey) found a kind of method, can bypass 10 limitation that input a password, think the input is inputted how many times how many times -- even if is also be such on IOS 11.3.
"Aggressor needs to open only, the mobile phone that screen is locking up and line of a Lightning. " rare base tell ZDNet.
Normally, IPhone and IPad can be restricted minutely the frequency that can input a password. Newer malic facility includes " safe land of one province or county enlosed by that of another " , this is the one part that hardware cannot revise, can protect equipment to avoid suffer violent attack, keep inputting a password for instance. This " safe land of one province or county enlosed by that of another " the frequency that meeting record inputs wrong password, become as the grow in quantity that inputs wrong number slower and slower.
Rare base found bypass the method of this mechanism. His explanation says, receive electrify head through Lightning line when IPhone or IPad, when the hacker sends clavier to input information, can spark one suspends a request, right now this wants preferential processing, equipment should drop the matter of any other.
He says, "Do not send password hind to await over, send their all at a heat however go out. Send their all at a heat however go out..
"If you are growing the force that you give out in stringing together an input to cut solution charge, it can handle all input information, bypass the function that deletes equipment data. " his explanation says.
The one by one in the string that aggressor can do not have blank space through be in is listed from 0000 combine to all passwords of 9999, finish one-time send all passwords. His explanation says, because this won't give software to bring any time that breath, of clavier input program move preferential the data that spends prep above equipment deletes a function. Rare base say, the ability after this means attack to be started in equipment only is met become effective, because have more programs at this moment,moving.
Hope base another eyesore that attack can make an apple, this company also is in all the time the maker that locks up a tool with the solution of a mobile phone of the closest exposure struggles.
What the public knows to this company or its flagship product is very little, but the tool solving a lock of 15 thousand dollar can allow this price execute the law the branch breaks the code that sees any IOS equipment, the file system that allows police to be able to visit facility in the round -- short message, photograph, communicate catenary of the record, history that browse, close key and user code are waited a moment.
This is considered as malic general to roll out new function in its coming IOS 12 system " USB restricts mode " one of reasons, allegedly this function can increase a police greatly or the hacker invades individual equipment to get the difficulty of data.
If equipment is in,password solution lock was not passed inside a hour recently, this are new the function prevents anybody effectively to use USB data line to do equipment to charge the everything beyond.
Rare base attack is very slow -- every password moves 3 to 5 seconds, or the password that runs more than 100 4 digit inside a hour -- the new function that cannot pound an apple possibly to be about to roll out.
The code that his attack can meet 6 digit (the) of acquiescent password length of IOS 11, but ability of time of need number week is finished.
Xijitong crossed email to send the detailed message of flaw to the apple, but he expresses, this flaw " discover not hard " . Malic spokesman reviews a request without the buy of reporter of the reply on the horse.
"I guess someone else to will find that flaw -- perhaps had found. " he says.
