![WARNING: This Black Box Can Brute Force Crack Your iPhone Passcode [Video]](/images/news/47840/221405/221405-64.png "WARNING: This Black Box Can Brute Force Crack Your iPhone Passcode [Video]")
WARNING: This Black Box Can Brute Force Crack Your iPhone Passcode [Video]
Posted March 18, 2015 at 4:37pm by iClarified
A device known as an IP Box has been successful in bruteforce cracking the iOS screenlock passcode resulting in major security implications for iPhone and iPad users, reports MDSec. The box can be purchased online for around $200.
Although we’re still analyzing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially bruteforces every possible PIN combination. That in itself is not unsurprising and has been known for some time. What is surprising however is that this still works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to bruteforce a 4 digit PIN.
MDSec has confirmed that the device works on iOS 8.1 but has yet to test it on iOS 8.2. Their research suggests that this could an issue detailed by Apple in CVE-2014-4451.
Take a look at the video below and please follow iClarified on Twitter, Facebook, or RSS for updates. If you are concerned about the security of your device, we strongly recommend you follow these instructions to Set a Complex Alpha Numeric Passcode on Your iPhone.
Read More [via Intego] [via Alex]
Although we’re still analyzing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially bruteforces every possible PIN combination. That in itself is not unsurprising and has been known for some time. What is surprising however is that this still works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to bruteforce a 4 digit PIN.
MDSec has confirmed that the device works on iOS 8.1 but has yet to test it on iOS 8.2. Their research suggests that this could an issue detailed by Apple in CVE-2014-4451.
Take a look at the video below and please follow iClarified on Twitter, Facebook, or RSS for updates. If you are concerned about the security of your device, we strongly recommend you follow these instructions to Set a Complex Alpha Numeric Passcode on Your iPhone.
Read More [via Intego] [via Alex]
![DJI Introduces Its Own Portable Power Stations [Video]](/images/news/93370/93370/93370-160.jpg "DJI Introduces Its Own Portable Power Stations [Video]")
![Apple to Revamp Calculator App for macOS 15 [Rumor]](/images/news/93368/93368/93368-160.jpg "Apple to Revamp Calculator App for macOS 15 [Rumor]")
![New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]](/images/news/93314/93314/93314-160.jpg "New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]")
![Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]](/images/news/93302/93302/93302-160.jpg "Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]")
![AirPods Pro 2 With USB-C On Sale for $189! [Deal]](/images/news/92932/92932/92932-160.jpg "AirPods Pro 2 With USB-C On Sale for $189! [Deal]")
![iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]](/images/news/93207/93207/93207-160.jpg "iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]")
