Wednesday, March 18, 2015

IP Box can bruteforce your iPhone PIN code in under 5 days

Most people consider the 4 digit PIN code on their iPhones to be enough to keep strangers from accessing their apps and data - and even more considering you can choose to have your device erased after 10 failed attempts. But now there's a device that can crack your iPhone PIN code by trying all combinations and bypassing that failed attempts protection.

The so called IP Box is a device that reminds us of the cracking devices we see on the movies and that quickly scans all available code. It connects via USB/lightning to a locked iPhone and starts churning out PIN codes from 0000 to 9999 till it find the right code. The "trick" is that it can bypass the 10 failed attempts protection, so it can try out as many codes as it wants.

The device keeps an eye on your iPhone screen and is connected directly to the CPU power supply, and when it detects a failed code it immediately cuts power to the iPhone, preventing it from storing the failed attempt. When the iPhone restarts, it's as if it never happened, and allows you to try again.

Yes, this also means each and every failed attempt will require a restart, which takes about 40 seconds; but considering most user use the simple 4-digit PIN code, it results in a worst case scenario of roughly 5 days to unlock a PIN locked iPhone (and statistically, it will do so in about half that time unless you do have the last PIN code to be tried.)

If you're worried about it, you can simple disable the "Simple Passcode" and use a more complex PIN/password to unlock your iPhone - and I suspect Apple can simply fix the issue in a future update, by ensuring it stores the failed attempt count in memory before providing any external indication of whether it succeeded or not.

No comments:

Post a Comment

Related Posts with Thumbnails

Amazon Store