Dan on Security
Register | Login
MDSec Blog: Apple iOS Hardware Assisted Screenlock Bruteforce

Works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to bruteforce a 4 digit PIN.
Interesting approach in that by cutting power it prevents iOS from storing the attempt information. Long story short, always use a passphrase, not a PIN.

Tags: ios iphone bruteforce
More from: blog.mdsec.co.uk

show/hide source |


No comments found :-( To post a comment, please log in