

lmcd | 10 years ago

Here's one approach you could use if you had a reliable zero-day at your disposal. I've been out of the jailbreak scene for a while, so I might be way off the mark:

1) Have zero-day ([0]) that can be used to deliver executable payload over SMS (think Stagefright). iOS devices can receive text messages before the filesystem is decrypted. Perhaps Apple should close this vector.

2) Deploy dylib that patches the SpringBoard UI (where the lock screen lives), disabling the code that counts incorrect passcode attempts

3) Brute force the passcode

[0] http://www.wired.com/2015/11/hackers-claim-million-dollar-bo...


jamesrom | 10 years ago

> Perhaps Apple should close this vector.

Perhaps. However, it's very likely that receiving SMS before decryption is not a bug, but a feature.