UK security firm IT-Governance, via Neil Ford, reports that a new device on the market, the IP Box, claims it can crack an iPhone's PIN code in less than 17 hours. The video presented on the website shows how easily anyone can use a brute-force attack to defeat the iOS lock screen.
The video was made by another security company, MDSec, which tested the device in its laboratories and confirmed that it can actually break the four-digit iPhone PIN. The tiny device can be purchased online for less than 250 dollars. According to MDSec, it takes just over half a day to break a code, and the company believes the device exploits a known security vulnerability in iOS 8.1 (CVE-2014-4451).
“Further research suggests it could be the theme detailed in the CVE-2014-4451 vulnerability, but this has not yet been confirmed,” Neil Ford reports in his detailed article on the IP Box device, which is apparently used by many phone repair shops.
“We plan to test the same attack on a device running 8.2 and will update you on our progress. In the meantime, our advice to everyone is to make sure they use a fairly complex access code on their device and not a PIN.”
We know that the iPhone shuts down after 10 failed attempts to "break" the PIN, but the IP Box bypasses this, erasing the iPhone after each failed PIN attempt. iPhones running iOS 8.1.1 or later are not affected by the vulnerability at the time of writing.
The IP Box also works on iPads. We therefore recommend that you upgrade to the latest version of the operating system immediately.
More details, with pictures and videos, can be found in MDSec's article.