Potential iOS “bruteforce” security hole identified

Share

If your phone is locked, it is usually regarded as pretty secure – after all, you have to enter a PIN number and after a certain number of incorrect tries it will either lock you out, or delete everything from the phone. But it appears there might be a way around it.

MDSec has identified a piece of hardware that is apparently doing the rounds amongst phone repair people that automates the tedious business of “brute forcing” entry – that is to say, trying every possible PIN combination.

The way it works is that by opening up the phone and connecting via USB, it is possible for the device to try as many numbers as it likes – before quickly rebooting the phone, before the keypad attempt has been logged to memory – meaning it can try as many times as it likes. As it requires a reboot and needs about 40 seconds each time to load, it isn’t a fast process – but if someone nefarious has about 111 hours to spare, they could get into your phone with relative ease.

It’ll be interesting to see if Apple respond to this potential security flaw – or whether it is so unlikely that it is deemed not worth it. You can read more on the MDSec blog.

James O’Malley