Η βρετανική εταιρεία ασφάλειας IT-Governance, δια μέσω του Neil Ford, αναφέρει ότι κυκλοφορεί μια νέα συσκευή στην αγορά (IP Box) που ισχυρίζεται ότι μπορεί να break τον κωδικό pin ενός iPhone σε λιγότερο από 17 ώρες. Το βίντεο μάλιστα που παρουσιάζει η by clicking here shows how anyone can easily hack the iOS lockscreen with a brute-force attack.
The video was made by another security company called MDSec, who tested the device in their labs. It confirmed that the device can actually crack the iPhone's four-digit PIN code. The tiny device can be purchased online for less than $ 250. It will take a little over half a day to crack a code according to MDSec, which believes the device is taking advantage of a known security vulnerability in iOS 8.1 (CVE-2014-4451).
“Further research indicates that it could be the issue detailed in the CVE-vulnerability2014-4451, αλλά αυτό δεν έχει ακόμη επιβεβαιωθεί,” αναφέρει ο Neil Ford στο αναλυτικό άρθρο για τη συσκευή IP Box, η οποία προφανώς χρησιμοποιείται από πολλά stores phone repair.
"We plan to try the same attack on a device with 8.2 and we will inform you about our progress. In the meantime, our advice to everyone is to make sure they use a fairly complex password on their device and not a PIN. ”
We know that the iPhone shuts down after 10 failed attempts to "break" the PIN, but the IP Box bypassing it, erasing the iPhone after each failed PIN attempt. IPhone running with iOS 8.1.1 or later is not affected by vulnerability at the time of writing.
The IP Box also works on iPads. We therefore recommend that you upgrade to the latest version of the operating system immediately.
More details with pictures and videos can be found in her article MDSec.