Apple iOS Hardware Assisted Screenlock Bruteforce

214 points by allending about 10 years ago

15 comments

therealwill about 10 years ago
"Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory"

My guess is that Apple is only synchronizing after the failure animation completes. Should be easy to patch.
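The ordering problem in the quoted analysis, modelled as an added example (not part of the original thread and not Apple's implementation): a failure counter written to flash only after a wrong result can be lost to a power cut, while one committed before verification cannot. The `Device` class, its field names and the PIN are constructed for illustration.

```python
import hmac

class PowerCut(Exception):
    """Simulated loss of power right after a wrong result becomes visible."""

class Device:
    WIPE_LIMIT = 10  # the 10-guess wipe policy mentioned in the thread

    def __init__(self, pin, commit_first):
        self._pin = pin
        self.commit_first = commit_first  # True = write counter before verifying
        self.failures_in_flash = 0        # the only state that survives a power cut
        self.wiped = False

    def try_pin(self, guess, power_cut_after_result=False):
        # Enforce the limit on entry, so a cut after the 10th failure cannot dodge it.
        if self.failures_in_flash >= self.WIPE_LIMIT:
            self.wiped = True
        if self.wiped:
            return False
        if self.commit_first:
            self.failures_in_flash += 1   # charged durably before any result exists
        if hmac.compare_digest(guess, self._pin):
            self.failures_in_flash = 0    # success refunds the charge
            return True
        if power_cut_after_result:
            raise PowerCut()              # anything not yet in flash is lost
        if not self.commit_first:
            self.failures_in_flash += 1   # late write: the window the quote describes
        return False

def guesses_before_wipe(commit_first, budget=50):
    """Count wrong guesses evaluated when power is cut after every failure."""
    dev = Device("7391", commit_first)    # constructed PIN, outside the guessed range
    evaluated = 0
    for n in range(budget):
        try:
            dev.try_pin(f"{n:04d}", power_cut_after_result=True)
        except PowerCut:
            pass                          # reboot: only failures_in_flash persists
        if dev.wiped:
            break
        evaluated += 1
    return evaluated, dev.wiped

if __name__ == "__main__":
    print("late write  :", guesses_before_wipe(commit_first=False))
    print("commit first:", guesses_before_wipe(commit_first=True))
```

With the late write the counter never advances and the whole budget of guesses is evaluated; with the commit-first ordering the device wipes after ten.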
im2w1l about 10 years ago
So it cuts power before the iPhone can store that a failed attempt occurred. It's such a simple, stupid, wonderful idea. I love it. Kudos to whoever came up with it.
danielmiessler about 10 years ago
This is a legit issue, and you can definitely expect it to be patched quite soon. Not sure how/why someone would think it wouldn't get patched.

Many, many enterprises bet their data on passcodes combined with the 10-guess wipe defense. You can bet that they've already called Apple many times about this.

It'll be patched very soon.
matthewmcg about 10 years ago
"As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours to bruteforce a 4 digit PIN"

This is where a longer pass-code + TouchID is valuable.
LeoPanthera about 10 years ago
I have a 9-digit PIN. So I guess I'm immune from this type of attack? (In any reasonable time, at least.)
azinman2 about 10 years ago
Can someone explain to me how the power cut off works? The battery can't be removed... And something like this requires precision timing. How can they cut it off then turn it back on without charging the battery? Furthermore, how can it be done every 10 seconds? My iPhone 6 takes longer to boot from scratch.
priz3 about 10 years ago
Article mentions brute forcing would take ~111 hrs. That looks like it's (10^4 * 40) / (60*60) which would be the maximum time needed to brute force.

Note for those not good at dividing hours by 24 in your head: 111 hrs is 4.65 days
grecy about 10 years ago
Why does iOS accept entry of that PIN over the cable and not require it to be "input" on the screen?
padmanabhan01 about 10 years ago
Well, one can still remote wipe if the phone is lost. So, while this may still be an issue, it's not as bad as what it would have been if that weren't an option.
allending about 10 years ago
OP here. Devious. Cuts off the power source after failed attempts to get around the 10 attempts restriction.
tlrobinson about 10 years ago
Can this be used by thieves to unlock iPhones in the Find My iPhone "Lost Mode"?

Perversely, "Lost Mode" incentivizes thieves to do whatever necessary to unlock your phone, since they can't just wipe it and resell it. Apparently it's common for thieves to phish the contact phone number displayed on a "Lost Mode" iPhone: http://www.symantec.com/connect/blogs/cybercriminals-phish-icloud-credentials-victims-iphone-ipad-theft
snowwrestler about 10 years ago
A five-letter password is not much harder/slower to type than a 4-digit PIN, but makes this attack entirely impractical.

Even using just lowercase letters, the maximum time expands from 111 hours to about 132,000 hours (15 years) per passcode.

Going to six letters expands it to about 390 years.
bane about 10 years ago
Out of curiosity, anybody know the resolution of the fingerprint reader? I'm assuming it's some kind of nxm scanner that could also be brute forced if needed, just take longer.
j0e1 about 10 years ago
Anyone know of such a hack on Android phones?
dendory about 10 years ago
It takes over 100 hours to brute force a 4 digit PIN. I'm not impressed. For further security, everyone should use a longer PIN along with Touch ID, that is what I do.