Hacker News new | past | comments | ask | show | jobs | submit login

I am sure they just hired some interns to

    code = 0000

    While code_is_valid not true:

        enter code

        reboot device

        code++
Edit: I am pretty sure there's a delay in code execution registering a wrong pin hence by rebooting the phone, the wrong pins won't get detected.



Regarding your edit, that was true in the past, but Apple fixed it in iOS 8.2. Now the system makes sure to write the failure to nonvolatile storage before reporting it. Phones running older OSes could be exploited this way. There are even boxes you can buy that will do it for you automatically. You set it up to try a passcode, then cut the power on failure. But they don't work anymore, and this phone's OS was too new for it.


Good one, though I can see there is a problem with this "algorithm"! haha :-)


What might it be?

I assumed the code is just 4 digits long but judging by the quick downvotes people aren't even considering this to be a possibility.


There's a mechanism that wipes the device after too many incorrect code attempts. Disabling this mechanism was the entire point of the FBI/Apple lawsuit.


I am pretty sure a reboot bypasses that mechanism.


Why would you be pretty sure of that? That would be totally braindead if a simple reboot bypassed the limit. It doesn't. There was a flaw in an earlier iOS version where you could reboot the phone a few milliseconds after an incorrect PIN, before the phone recorded the failure, but that was fixed some time ago.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: