Is your iPhone passcode useless? Hack reveals how cybercriminals can bypass the four-digit code on your handset



A team of experts has found a way to bypass the iPhone lock screen using a DIY hacking kit


Apple phones are designed to ward off hackers by locking the phone after too many incorrect attempts at entering a passcode. 

But a team of experts has found a way to bypass this security feature using a DIY hacking kit made from parts bought online.

The gadget plugs into a phone and simulates the PIN entry over USB, meaning it can bruteforce every possible combination until it finds the correct one.

Importantly, by connecting directly to the phone's power source, it can override the 'Erase data after 10 attempts' setting. 

The hack and device were devised by experts from London-based MDSec, authors of The Mobile Application Hacker's Handbook.

It takes advantage of a flaw in iOS 8.1 that creates a tiny delay between the PIN code being entered and the phone unlocking.

MDSec's device cuts the power source immediately after each failed attempt but before the attempt has been synchronised with the phone's flash memory.  

'We recently became aware of a device known as an IP Box that was being used in the phone repair markets to bruteforce the iOS screenlock,' said the researchers. 

'This obviously has huge security implications and naturally it was something we wanted to investigate and validate.

'Although we're still analysing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially bruteforces every possible PIN combination. 

'That in itself is not unsurprising and has been known for some time. 

The hack and device were devised by experts from London-based MDSec. Its gadget uses an IP box used by some phone repairmen to bruteforce iOS screenlocks on handsets. It takes advantage of a flaw in iOS 8.1 that creates a tiny delay between the PIN code being entered and the phone unlocking.


'What is surprising is that this still works even with the "Erase data after 10 attempts" configuration setting enabled.'  

MDSec's total setup cost around £200 ($297), and the researchers explained that because each PIN entry takes approximately 40 seconds - including the phone shutting down - it can take more than four days to bruteforce a four-digit code.

The hack also only works if a criminal has stolen or found the phone, and it only applies to phones running iOS 8.1 or older. 

Apple has reportedly fixed the bug in 8.1.1 and people running older versions of the software are advised to update to the latest version. 
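The ordering problem described above, modelled as an added example (not code from MDSec or Apple): a toy lock that writes the failed attempt to durable storage only after the result is known, next to one that writes it before checking. The class, the function names and the commit-first ordering are assumptions for illustration; the article does not say how 8.1.1 fixed the bug.

```python
import hmac


class PasscodeLock:
    """Toy model of a lock screen with an 'erase after 10 failures' policy.
    Hypothetical names; this is not Apple's implementation."""
    MAX_FAILS = 10

    def __init__(self, pin, commit_first):
        self._pin = pin
        self.commit_first = commit_first  # True = hardened ordering (assumed fix)
        self.flash_fails = 0              # durable counter, survives power loss
        self.wiped = False

    def attempt(self, guess, power_cut_after_result=False):
        # The policy is enforced from the durable counter, as after a reboot.
        if self.flash_fails >= self.MAX_FAILS:
            self.wiped = True
        if self.wiped:
            return False
        if self.commit_first:
            self.flash_fails += 1         # recorded before the result is known
        if hmac.compare_digest(guess, self._pin):
            self.flash_fails = 0          # success clears the counter
            return True
        if power_cut_after_result:
            return False                  # power lost: nothing below this line runs
        if not self.commit_first:
            self.flash_fails += 1         # vulnerable: recorded only after the result
        return False


def run_guesses(lock, power_cut):
    """Feed PINs 0000..9999 in order; return (unlocked, guesses_evaluated)."""
    for n in range(10_000):
        if lock.attempt(f"{n:04d}", power_cut_after_result=power_cut):
            return True, n + 1
        if lock.wiped:
            return False, n
    return False, 10_000


if __name__ == "__main__":
    # "0042" is a constructed sample PIN.
    print(run_guesses(PasscodeLock("0042", commit_first=False), power_cut=True))
    print(run_guesses(PasscodeLock("0042", commit_first=True), power_cut=True))
```

With the late write, the durable counter never moves when power is cut after each failure, so the ten-attempt limit is never reached; with the early write, the limit holds regardless of when power is lost.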

By connecting directly to the phone's power source, it can override the 'Erase data after 10 attempts' setting. It cuts the power source to the phone immediately after each failed attempt but before the attempt has been synchronised with the phone's flash memory. Apple has reportedly fixed the bug in 8.1.1.
