Most iPhone users rest assured that if they enable the Erase Data toggle, iOS will wipe their device after 10 failed passcode attempts and will not allow a hacker to unlock it through a brute-force attack.
However, security researcher Matthew Hickey has demonstrated on video that today’s hacking techniques can not only bypass the wipe-after-10-failed-attempts check but can also successfully unlock a locked iPhone. In the video, Hickey shows an iPhone running iOS 11.3 with the Erase Data protection feature enabled.
The researcher says he is able to bypass the limit by sending all possible passcode combinations to the iPhone at once, instead of trying them one by one, thus fooling iOS and its 10-attempt limit.
Why does sending all passcodes at once work? Hickey explains that when a keyboard sends an input to an iPhone it “triggers an interrupt request, which takes priority over anything else on the device.” This essentially means that when all possible passcode attempts are sent at once, iOS is not given the chance to enforce the 10-attempt limit, and the device is unlocked before the wipe can take place.
The method shown in the video to brute-force a locked iPhone isn’t fast, and each passcode attempt could take between 3 and 5 seconds to run. However, the fact that it can bypass the 10-attempt limit is alarming.
Now that it is revealed publicly, Apple should be able to solve this issue with a software update. The new USB Accessories feature introduced in iOS 11.4.1 and the iOS 12 betas can also prevent this: when it is enabled, iOS limits access to the device’s Lightning port for external accessories after one hour. Access is restored only when the device is unlocked with a passcode.