You’d think your iPhone would be pretty well protected by a fingerprint scanner. Well, 2015 has even more bad news for you and your poor, vulnerable phone.
A British security firm called MDSec caught word of a small machine called an “IP Box,” which can brute-force its way through an iPhone’s passcode—that means it just guesses every code from 0000 to 9999 as quickly as possible, over and over again, until it unlocks the phone.
So, they bought the machine, which cost them about £200 (or $295), and set it to work cracking phones. Since there are 10,000 possible passcode numbers with a four-digit PIN, it can take as long as four and a half days to get the right number—but it will get that number eventually.
“Oh, but I have that setting where after 10 failed attempts at guessing, it’ll delete all of my data,” we can hear you say, comfortable in your complacency. “Surely I’m protected from a machine that needs to make thousands of guesses.”
Sorry, n00b, the IP Box has found a clever way around that one. From the MDSec blog post:
“Our initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory.”
So how can you set a longer passcode and buy yourself more time before a new machine can crack through the better protection? Just head to your iPhone’s “Settings,” open “Touch ID & Passcode,” and turn off the “Simple Passcode” option. This allows you to make a passcode that includes letters, symbols and whole phrases.
The longer the password you choose, the better off you are, regardless of how overly complicated you try to make it. Why? Allow XKCD to explain…
As for that terrible little machine, check out the video below, which may not be terribly exciting, but is quietly horrifying: