Long gone the times when you used to be afraid of your password being forgotten and henceforth beng worried of your data being erased away because of the 10 failed guesses that might erase away your whole iPhone.
This machine has existed a while ago,and it has exploited the whole idea of unlocking the iPhone without triggering its 10-Guess chances.
This bruteforce box is available MDSec and you can obtain it for around $ 300.
For you evryone out there,here's the device in use,via MDSec,
It can be a bit hard to tell what’s going on in the video, so here’s what you’re looking at:
- On the left is the iPhone, splayed open for direct access to its internals
- On the right is the bruteforcing box.
- The iPhone’s internal battery appears to be disconnected, giving the bruteforce box the ability to cut the iPhone’s power instantly
- Each time the device makes a guess, it sends it to the iPhone over USB. (It makes its first guess in the video above at 0:30)
- If the guess fails, an optical sensor strapped to the screen recognizes it, and…
- In a split second, the bruteforce box cuts the power and forces the iPhone to shut down before it can write the failed attempt to memory.
- The iPhone resets, and the box is free to try again.
- When the optical sensor detects a successful entry (like the one at 1:53 in the video above), the box stops guessing, logs the correct PIN, and starts beeping to get the attention of whoever was using it.
So, how can you protect your device from this?
- Update. If this isn’t fixed in iOS 8.1.1 or 8.2 (and it seems likely that it is), you can bet that Apple is rushing to patch this one now that this video is floating around.
- Use a longer password. As JWZ points out: at 44 seconds per try, a 4-digit pin take up to 4 1/2 days to crack. A 7-digit pin takes up to 12 years.
No comments:
Post a Comment