Apple devices not running iOS 8.2 could be vulnerable to brute-force cracking
Automation tool resets device to circumvent password-guess limits
Apple devices running up to iOS 8.1 are vulnerable to a brute-force cracking tool that includes a workaround for password-guess limits, The Register reported.
The vulnerability, reportedly patched in iOS 8.2, allows a brute-force tool called IP-Box to reset the targeted device after each attempt and crack the tablet or smartphone in under 17 hours, according to researchers.
"This obviously has huge security implications and naturally it was something we wanted to investigate and validate," said MDSec researcher Dominic Chell, who was able to crack his own iPhone 5S after 10 attempts.
"Although we're still analysing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially brute-forces every possible PIN combination."
IP-Box uses a light sensor in front of an iOS device to detect when it is unlocked.