14 DAY TRIAL // The IT-Governance British security company, through Neil Ford, reports that there’s a new device on the market that claims to crack the pin code of an iPhone in less than 17 hours. The 2-minute-long video below will demonstrate how anyone can easily brute-force the iOS lockscreen with the said device, so make sure that you watch the video now and read more information after.
Apparently, the video was made by an elite security company called MDSec, who actually tested the device on their labs and confirmed that it can actually crack iPhone’s four-digit PIN. The tiny device can be purchased online for less than $250 (€235 or £170). It will take a little more than half a day to break the code, according to MDSec, who believes that the device exploits a known security vulnerability in iOS 8.1 (CVE-2014-4451).
“Further research suggests this could be the issue detailed in CVE-2014-4451 but this has yet to be confirmed,” says Neil Ford in the detailed article about the IP Box device, which is apparently used by many phone repair shops. “We plan to test the same attack on an 8.2 device and will update with our progress. In the mean time, our advice to all is ensure you have a sufficiently complex password applied to your device rather than a PIN.”
Rule number one: always keep your devices and computers up to date
We will know that an iPhone will erase itself after 10 failed PIN attempts, but IP Box works by cutting the power of the iPhone after each failed PIN attempt. iPhone devices running iOS 8.1.1 or later are apparently unbreakable at the moment of writing this article, but the company is currently testing multiple iPhone devices with iOS 8.1.1 or later, including the newly released 8.2 version of Apple’s mobile operating system.
This also works with iPads! That’s why we will always recommend to update to the latest stable release of an operating system as soon as possible, immediately after we or any other website announces its availability, no matter if it is iOS, Android, OS X, Windows, or Linux. It’s not a joke and you should always keep your devices up to date. More details and screenshots can be found in the MDSec’s article.
