Beware: New iOS Brute force device
Within the iPhone repair markets, there seems to be a new tool being used that we all should be aware of. This tool seems to Bruteforce locked iOS devices for around $250 dollars known as an “IP BOX”
MDSec
an authority on information security and our source for this article, video and images had this to say.
“Although we’re still analyzing the device it appears to be relatively simple in that it simulates the PIN entry over the USB connection and sequentially bruteforces every possible PIN combination. That in itself is not unsurprising and has been known for some time. What is surprising however is that this still works even with the “Erase data after 10 attempts” configuration setting enabled. Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to
Our Thoughts:
There will always be curious people who want to understand how things work, which is the nature of hacking. However, there are those who're intentions are to exploit vulnerabilities for profit. We should all be doing our due diligence. Security always comes down to a trade off of convenience and security which only you can decide what's acceptable to you.
One thing to bear in mind is. It’s never about if you can be hacked, but rather how long it would take and whether your data is that important to the hacker.
How long do you think someone would wait for your data?
1min, 10min, 10hrs, 10days, 10months, 10years, a decade, a century.
As MDSec’s article suggests, try to use a stronger password rather than a 4 digit code. I totally agree with the opinion, but I want to stress, make sure Apples Find My iPhone is enabled. In this case, the hacker requires physical access to your iPhone. If you ever lose your phone the very first thing you should do is jump on the nearest computer and go to iCloud.com, login and try to locate it and in the case of it not being in your own home, you have the option to Erase iPhone it. Chances are you have a backup to the cloud already. In my option its better safe than sorry.