Showing posts with label Mobile Security. Show all posts
Showing posts with label Mobile Security. Show all posts

Now Unlock Apple iPhone By Brute Forcing Using IP Box

Namaste! Good Morning,

Apple iPhone has many ways to Unlock the screen which includes Fingerprint scanning, Pattern, and Secret PIN. One thing common in this is that all such methods require human interaction .

But now there is no need of human interaction to unlock the screen of iOS devices with secret PIN. 
with some of the tools like IP Box which is connected via USB, a Sensor to check the status of the screen in case of entering the correct password and change the image.


Actually, that brute force PIN-code is only effective if the device is disabled Erase Data in the settings ( Touch ID & Passcode screen ), which has been deleted from the device after ten attempts to enter the wrong.

Researcher's initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours (that is, four and a half days) to bruteforce a 4 digit PIN.
  • 5 digits - 1.5 months
  • 6 digits - 1.25 years
  • 7 digits - 12.5 years
  • 8 digits - 125 years
Researcher's have tested the attack on an iPhone 5s running iOS 8.1




Further research suggests this could be the issue detailed in CVE-2014-4451 but this has yet to be confirmed.

It turns out that the most efficient algorithm cracker action will be: 

  1. Try to find out the real PIN-code by analyzing the state of the coating of the screen. 
  2. Manually enter the 9 most popular of PIN-codes from the list of the most popular of PIN-codes. 
  3. Restart the phone. 
  4. Start automatic brute force for the other passwords. There is also better to use the dictionary the most popular combinations, introducing them in the first place.