Security company MDSec has been testing a black-box device that gains access to iPhones running up to iOS 8.1 by brute-forcing the passcode over a USB connection that simulates keypad entry. Normally, trying every possible 4-digit PIN would be prevented by automatic lockout or data wipe after ten incorrect attempts, but the IP Box manages to bypass this.
The IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory.
After each attempt, it measures light levels on the screen to see whether it has reached the home screen; if not, it restarts the phone fast enough that the failed-attempt counter never gets updated.
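As an added illustration (not from the article or from MDSec), the following Python simulation models the ordering bug described above: a verifier that records a failed attempt only after the comparison and syncs it lazily loses the count when power is cut, while one that commits the increment before comparing fails closed. The `Flash` class, the PIN `7319`, the salt and the `count_first` switch are all constructed for this example.

```python
import hashlib
import hmac

MAX_ATTEMPTS = 10  # lockout/wipe threshold the article describes

class Flash:
    """Stand-in for persistent storage: write() buffers, commit() syncs."""
    def __init__(self):
        self.committed = {"failed_attempts": 0}
        self.pending = {}
    def write(self, key, value):
        self.pending[key] = value
    def commit(self):
        self.committed.update(self.pending)
        self.pending = {}
    def power_cut(self):
        self.pending = {}  # every unsynced write is lost
    def read(self, key):
        return self.pending.get(key, self.committed[key])

def pin_digest(pin, salt=b"constructed-salt"):
    return hashlib.sha256(salt + pin.encode()).hexdigest()

def verify_pin(flash, candidate, stored_digest, count_first):
    """Return 'unlocked', 'locked' or 'wiped'.
    count_first=False: failure recorded after the check and synced lazily,
    so a power cut erases it (the race the article describes).
    count_first=True: increment committed before the check (fail closed)."""
    attempts = flash.read("failed_attempts")
    if attempts >= MAX_ATTEMPTS:
        return "wiped"
    if count_first:
        flash.write("failed_attempts", attempts + 1)
        flash.commit()
    if hmac.compare_digest(pin_digest(candidate), stored_digest):
        flash.write("failed_attempts", 0)
        flash.commit()
        return "unlocked"
    if not count_first:
        flash.write("failed_attempts", attempts + 1)  # not yet synced
    return "locked"

def crash_loop(count_first, wrong_guesses):
    """Guess wrong N times, cut power after each; return (counter, last verdict)."""
    flash = Flash()
    digest = pin_digest("7319")  # constructed PIN; guesses below never hit it
    verdict = None
    for i in range(wrong_guesses):
        verdict = verify_pin(flash, f"{i:04d}", digest, count_first)
        flash.power_cut()
    return flash.read("failed_attempts"), verdict
```

With the lazy ordering the committed counter is still 0 after any number of guesses, while the fail-closed ordering reports the device wiped on the eleventh attempt regardless of power cuts.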
It’s not a very practical means of attack in the real world. Restarting the phone after every single attempt means that testing every possible PIN would take around 111 hours, so gaining access would take around 55 hours on average. The attacker needs physical access to the phone for those 55 hours, and needs to have kept it off any network for that time to prevent the owner from using Find My iPhone to wipe it remotely. But it’s an interesting proof of concept.
Apple appears to have fixed the vulnerability in iOS 8.1.1, as companies selling the kit note that it is not compatible with this version of iOS.
Although this isn’t something to worry about, it’s still good practice to use a complex passcode, which is not a great hardship on a recent iPhone, where you’ll be using Touch ID most of the time. Just go into Settings > Touch ID & Passcode and slide off the Simple Passcode switch.
As you say… complex passcodes FTW, especially in light of Touch ID.
People who use a PIN these days are really only trying to keep their spouse or kids out.
I liked the article not because someone could break the security of an iPhone, but because of how hard it is to do so and because Apple knew about the flaw and fixed it even before someone could use it.
Nope. It’s not before “someone could use it”. Plenty of phones sold in Chinese black markets have a “hidden activation lock”. Guess how they did it? Brute-force PIN attack, jailbreak, locally remove the iCloud configuration, then hide all traces of the jailbreak. Once the buyer restores the firmware, they get locked out. :(
I didn’t know that, but in comparison with the other world (Android’s), you can depend on there being a company (Apple) that cares about security and tries to be perfect.
lol, well that’s because the Chinese market buys a lot of stolen phones… what do they expect?
Tip – create a “complex” passcode and use just numbers. When trying to gain access, it will bring up just the number pad.
Then, one would assume, that if someone got your pre-iOS 8.1.1 iPhone, had the black box, and tried this, after 111 hours they still wouldn’t have access.
Since Touch ID, I have a complex passcode, but prior to that I had a double-bluff: a complex passcode that was actually two digits :-)
Love it :)
That’s exactly what I do. Instead of four digits it’s five, drastically increasing entropy but making it almost as easy to enter as a 4-digit pin.
Meanwhile, a moment of silence for all those who think Touch ID can save them. You must be forgetting the part where Apple mentioned: they are protecting the Touch ID mathematical formula of your picture with a simple passcode.
The only thing that can save you from this disaster is to use a complex passcode. :D
I am sure you need to check MFC Dongle on how to hack iOS 8.1 :-)
55 hours is nothing. It’s a few days. The FBI have been waiting a hell of a lot longer than this, so they say, to access the stuff on the 5c.