iPhone e iPad Dispositivos de segurança derivados por meio de Novo Método
CYBER NEWS

iPhone e iPad Dispositivos de segurança derivados por meio de Novo Método

dispositivos iPhone e iPad são notáveis ​​por ter várias medidas de segurança que os protegem de abuso. desde iOS 8 eles foram protegidos com um algoritmo de criptografia avançada que protege-los de serem desbloqueados por hackers. However a security researcher discovered a weakness in the way iPhone and iPad devices handle these operations and was able to create a bypass that overrides the protective measures.

Security Weakness Identified in iPhone and iPad Devices

The user-set encryption of iPhone and iPad devices has been available as a standard feature since version iOS 8 of Apple’s mobile operating system. It has helped protect the iPhone and iPad owners from abuse by setting up a passcode that upon input decrypts the user’s contents and allows use of the devices. Apple’s measures also include a passcode entry limit, if the user enters a wrong code more than 10 times the device’s data is instantly wiped.




Newer devices use a hardware-based component (lasca) that is physically isolated from the main processor. This step has been made in order to provide an extra layer of security as access to it is available via another set of commands and services. This component also keeps count of the number of passcode entry attempts. Its algorithm is configured to slow down the password’s entry with each unsuccessful attempt. This system is devised to block automated intrusion attempts.

Story relacionado: Apple Patches The iPhone Bypass Used By the FBI

iPhone and iPad Devices Bypass Revealed

A security override for the encryption engine has been devised by the security researcher Matthew Hickey, co-founder of Hacker House. His technique works even on the latest version of the iOS (11.3). The expert discovered that when an iPhone or iPad device is plugged in every input made from a keyboard is managed with higher priority over other processes. This enables attackers to devise a hardware-based brute force attack by creating a long string of input. The device has been found to enumerate all strings and process them. Effectively this allows the hackers to use a ready-made list of possible inputs or use passcode generators to create custom lists.

While this is a slow approach it is effective when the attackers want to access the devices. It is expected that Apple will patch the issue in the upcoming iOS versions. We expect that similar bypasses will be made in the future as well, as the QA engineers will need to have a way in order to access made devices using such connections.

Avatar

Martin Beltov

Martin formou-se na publicação da Universidade de Sofia. Como a segurança cibernética entusiasta ele gosta de escrever sobre as ameaças mais recentes e mecanismos de invasão.

mais Posts - Local na rede Internet

Me siga:
TwitterGoogle Plus

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...