Brute-Forcing iPhone PINs
This is a clever attack, using a black box that attaches to the iPhone via USB:
As you know, an iPhone keeps a count of how many wrong PINs have been entered, in case you have turned on the Erase Data option on the Settings | Touch ID & Passcode screen.
That’s a highly recommended option, because it wipes your device after 10 passcode mistakes.
Even if you only set a 4-digit PIN, that gives a crook who steals your phone just a 10 in 10,000 chance, or 0.1%, of guessing your unlock code in time.
But this Black Box has a trick up its cable.
Apparently, the device uses a light sensor to work out, from the change in screen intensity, when it has got the right PIN.
In other words, it also knows when it gets the PIN wrong, as it will most of the time, so it can kill the power to your iPhone when that happens.
And the power-down happens quickly enough (it seems you need to open up the iPhone and bypass the battery so you can power the device entirely via the USB cable) that your iPhone doesn’t have time to subtract one from the “PIN guesses remaining” counter stored on the device.
Because every set of wrong guesses requires a reboot, the process takes about five days. Still, a very clever attack.
More details.
xxx • March 30, 2015 7:06 AM
Seems the fix should be simple: decrease the counter before PIN entry, then reset it back to 10 after the PIN was entered successfully.
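The ordering issue described in the post and the fix proposed in the comment above, modelled side by side in C. This is an added example, not part of the original post or comment and not Apple's code; the `device` struct, function names and the sample PIN are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#define MAX_ATTEMPTS 10

/* Constructed model of the phone's persistent state; not Apple's code. */
struct device { int pin; int remaining; bool wiped; };
enum result { UNLOCKED, WRONG, POWER_LOST, WIPED };
typedef enum result (*try_fn)(struct device *, int, bool);

/* Post's ordering: verify, then decrement. cut_power = power lost on a miss. */
enum result try_verify_first(struct device *d, int guess, bool cut_power)
{
    if (d->wiped) return WIPED;
    if (guess == d->pin) { d->remaining = MAX_ATTEMPTS; return UNLOCKED; }
    if (cut_power) return POWER_LOST;       /* decrement never stored */
    if (--d->remaining == 0) { d->wiped = true; return WIPED; }
    return WRONG;
}

/* Comment's ordering: store the decrement first, restore only on success. */
enum result try_commit_first(struct device *d, int guess, bool cut_power)
{
    if (d->remaining == 0) d->wiped = true; /* boot-time check */
    if (d->wiped) return WIPED;
    d->remaining--;                         /* already in storage */
    if (guess == d->pin) { d->remaining = MAX_ATTEMPTS; return UNLOCKED; }
    if (cut_power) return POWER_LOST;       /* the guess was still counted */
    if (d->remaining == 0) { d->wiped = true; return WIPED; }
    return WRONG;
}

/* Number of guesses the model permits when power is cut after every miss. */
int guesses_allowed(try_fn attempt, int pin, enum result *last)
{
    struct device d = { pin, MAX_ATTEMPTS, false };
    for (int g = 0; g <= 9999; g++) {
        *last = attempt(&d, g, true);
        if (*last == UNLOCKED) return g + 1;
        if (*last == WIPED) return g;
    }
    return 10000;
}

int main(void)
{
    enum result r;
    printf("verify-first: %d\n", guesses_allowed(try_verify_first, 4321, &r));
    printf("commit-first: %d\n", guesses_allowed(try_commit_first, 4321, &r));
    return 0;
}
```

In the commit-first model the tenth miss leaves the stored counter at zero even if power is lost, so the wipe is enforced by the check at the next boot.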