IP Box hardware used to bruteforce screenlock on iOS devices

Word has turned up of an interesting device, one that can certainly be put to work for nefarious deeds, that makes it easy for someone else to bruteforce the screenlock passcode on iOS devices. The device is called the IP Box and is apparently being used in the phone repair market now. The IP Box is inexpensive at around £200 and connects directly to the USB connection of the iOS device.

Once connected to the device, the IP Box proceeds to bruteforce every possible PIN combination until it finds the right one to unlock the device. This particular vulnerability of iOS devices to bruteforce attacks has been known to exist for a while. What is new is that the IP Box is able to bruteforce lock codes even if the device is set to wipe data after ten failed screenlock attempts.

The IP Box is able to do this by connecting directly to the iPhone power source and cutting power after each failed attempt. Because power is cut right after the failure, the iOS device never registers the failed attempt, and the erase function is bypassed.
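The ordering problem described above can be shown with a toy model, added here as an example (it is not Apple's code or the IP Box's logic): a lock that records a failed attempt only after checking the PIN loses that record when power is cut, while one that persists the count before checking does not. The `Lock`, `PowerCut` and `simulate` names and the PIN `0042` are constructed for illustration.

```python
# Added illustration: a toy model, not Apple's code and not the IP Box's logic.
WIPE_AFTER = 10  # erase threshold described in the article


class PowerCut(Exception):
    """Constructed stand-in for power being removed right after a wrong guess."""


class Lock:
    def __init__(self, pin, commit_first):
        self._pin = pin
        self.commit_first = commit_first  # True = count the attempt before checking it
        self.failed = 0                   # models a counter in persistent storage
        self.wiped = False

    def attempt(self, guess, cut_power_on_failure=False):
        if self.failed >= WIPE_AFTER:     # enforced on every entry, including after a reboot
            self.wiped = True
        if self.wiped:
            return False
        if self.commit_first:
            self.failed += 1              # persisted before the result is known
        if guess == self._pin:
            self.failed = 0               # success clears the counter
            return True
        if cut_power_on_failure:
            raise PowerCut()              # nothing after this line runs
        if not self.commit_first:
            self.failed += 1              # the write that a power cut prevents
        return False


def simulate(commit_first, pin="0042"):
    """Try PINs in order, losing power after every wrong guess."""
    lock = Lock(pin, commit_first)
    for n in range(10_000):
        guess = f"{n:04d}"
        try:
            if lock.attempt(guess, cut_power_on_failure=True):
                return {"recovered": guess, "failed": lock.failed, "wiped": lock.wiped}
        except PowerCut:
            pass                          # device reboots; only persisted state remains
        if lock.wiped:
            break
    return {"recovered": None, "failed": lock.failed, "wiped": lock.wiped}


if __name__ == "__main__":
    print("count after check :", simulate(commit_first=False))
    print("count before check:", simulate(commit_first=True))
```

With the count written after the check, the counter never leaves zero and the PIN is eventually found; with the count written first, the model wipes once ten failures have been recorded, regardless of power loss.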

It's not a fast process: it can take around 111 hours to bruteforce a four-digit screenlock if every possible combination has to be tried. MDSEC says that the trick to stopping this hack from happening is to use a complex password to protect your device rather than a four-digit PIN. Check out the video to see the IP Box in action.

SOURCE: MDSEC