Apple devices not running iOS 8.2 could be vulnerable to brute-force crack

Automation tool resets device to circumvent password-guess limits

Tags: Apple IncorporatedUSA
  • E-Mail
Apple devices not running iOS 8.2 could be vulnerable to brute-force crack One researcher was able to crack his iPhone 5S after 10 attempts. (Getty Images)
By  Stephen McBride Published  March 16, 2015

Apple devices running up-to iOS 8.1 are vulnerable to a brute-force cracking tool that includes a workaround for password-guess limits, the Register reported.

The vulnerability, reportedly patched in iOS 8.2, allows a brute-force device called IP-Box to reset the device after each attempt and crack the tablet or smartphone in under 17 hours, according to researchers.

"This obviously has huge security implications and naturally it was something we wanted to investigate and validate," said MDSec researcher Dominic Chell, who was able to crack his own iPhone 5S after 10 attempts.

"Although we're still analysing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially brute-forces every possible PIN combination."

IP-Box uses a light sensor in front of an iOS device to detect when it is unlocked.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code