Apple Has a Good Reason for Updating
Anyone with physical access to your iPhone such as criminals or police officers can break through the passcode protection that you may have on your cellphone! Apple released iOS 8.1.1 back in November of 2014 and this upgrade closed off a glaring vulnerability.
iOS is supposed to force a limit on the number of attempts that you can have to try and access the phone via the pin code lock. Yet it is possible to make as many guesses as possible if you restarted the phone.
[one_fourth]
[/one_fourth]
[three_fourth_last]
Doing this manually would be a pain but fortunately for iPhone hackers and crackers there are devices out there that can automate the whole process. A British security consulting firm has been tinkering with such a device: an IP Box which was purchased for as little as $295.
Researchers claim the tool has the ability to be used to brute force any 4 digit PIN in up to 111 hours.
Having a 4-digit PIN on your phone has always been known to be inherently insecure however, the ‘erase data after 10 invalid attempt;’ configuration setting was seen as somewhat of a mitigation in many circles. Dominic Chell, director at MDSec stated to Forbes, “We believe that the device is able to evade this constraint be aggressively powering off the iPhone after each PIN entry attempt is made. but before the failure has been committed to flash memory. It does this by directly powering the iPhone itself.”
The IP Box was purchased from a UK distributor but he believes that the hacking machine was made in China. He also believes the very same device is being actively used by law enforcement and forensic investigators to gain access to locked devices but this hasn’t yet been well documented in the public domain.
Apple may have fixed the issue but if you are using any device iOS 8.1.1 is vulnerable to the attack. “As there are a subset of devices that are unable to run iOS 8 (such as the iPhone 4, iPod 4G or the original iPad) these devices will be vulnerable forever,” Chell added.
