Whether you don’t want your significant other to check your phone when you’re in the bathroom (assuming you don’t take your phone everywhere you go) or you want to make sure your data remains secure if your iPhone gets stolen, using a passcode is the best thing to do, right?
After all, it does ensure that no one can gain access to your phone’s contents unless they know the passcode; and with all the possible combinations, it won’t be easy to get the code right in 10 attempts, after which the data will be erased.
MDSec has acquired a device available in the market called IP Box, which can “guess” your iPhone passcode by brute force. They say that the device cost them “only” GBP200, which is actually cheap for unscrupulous people who make a living out of stolen iPhones.
According to MDSec, they tested the IP Box on and iPhone 5S running iOS 8.1.
- the IP Box simulates PIN entry via USB connection
- the PIN is entered sequentially until the correct combination is found
- the IP Box circumvents the “data erase” function after 10 attempts by “connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory”
- it takes about 111 hours to get the right PIN via this method.
Here is the video of MDSec’s test, which proved to be successful.
Think about the implications! With this device, even your iPhone passcode does not provide assurance anymore.
However, I think that Apple will find a way to stop IP Box and other such devices. What do you think?