This brute-force device can crack any iPhone’s PIN code

By

Photo: MDSec
It's not exactly the Enigma Machine, but it'll do the trick! Photo: Mobile App Hacker's Handbook

Touch ID might be a more convenient and secure security implementation than PIN codes, but for now at least PINs are sticking around — which makes your iPhone vulnerable to anyone who gets their hands on it.

Of course, your iPhone only gives you a certain number of failed guesses, which means that unless the hacker somehow quickly guesses the correct code out of the 10,000 possible combinations, your iPhone’s contents remain safe.

A new video which has surfaced online, however, shows off a brute-force machine capable of trying every possible four-digit numerical combination in turn, while also resetting your iPhone to try again when it runs out of attempts. You can check it out below.

The setup shows the iPhone’s internal battery disconnected, which gives the brute-force box the ability to control the iPhone’s power supply. Each time a guess is made, it is transmitted to the iPhone via USB. If the guess proves incorrect, an optical sensor attached to the iPhone’s screen recognizes this and cuts the power immediately before the device can record the failed attempt. The iPhone then resets, allowing the box to try another guess.

Every attempt takes 44 seconds, including the reset, which means that if all combinations tried are incorrect until the last one, it would take four-and-half-days to access an iPhone.

Apparently, the device sells for around $300, although any thief would have to bank on the fact that users wouldn’t remotely shut down their iPhones. Regardless, now that this video is doing the rounds, it is entirely likely that Apple will patch the flaw in a future version of iOS.

Even upgrading to a seven-digit password would be a good move, since this would increase the amount of time necessary to crack a device from 4.5 days to somewhere in the region of 12 years (!). By that point, you’ve got to think a phone that’s around the age of a 6th grader isn’t going to be worth too much.

Source: MDSec

Via: TechCrunch