Device able to access iOS 8.1 through brute-force attack | iLounge News

News

Device able to access iOS 8.1 through brute-force attack

A new device allows users to access a locked device running iOS 8.1 through a brute-force attack, even with the “Erase data after 10 attempts” setting on, according to security company MDSec. The IP Box — available in England for £200 (about $293) — bypasses Apple’s security measures by cutting the iPhone’s power after each failed attempt at guessing the PIN, shutting down the phone before the attempt can be logged in flash memory. This method allows the device to break a four-digit PIN in approximately 111 hours. The vulnerability could be the issue noted in CVE-2014-4451 and addressed in Apple’s iOS 8.1.1 update, but MDSec recommends users create a “sufficiently complex” password rather than a simple PIN to protect their data regardless. [via Daring Fireball]

Comments

Related Stories

Subscribe to iLounge Weekly

Sign up for the iLounge Weekly Newsletter

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond.
iPod, iPhone, iPad, iTunes, Apple TV, Mac, and the Apple logo are trademarks of Apple Inc.
iLounge is © 2001 - 2017 iLounge, Inc. All Rights Reserved. Terms of Use | Privacy Policy