Company MDSec told about the "black box" that mimics the input PIN-code via USB-connection on the iPhone and iPad and consistently produces a selection of options for the password. The device can be purchased by anyone.
Users of iOS-devices have more cause for concern in light of the recent opening of a specialist British company Dominica Chella. The expert drew attention to the instrument IP-Box, widely used in the industry related to repairing computers. As it turned out, the gadget exploits a vulnerability iOS, allows remote users to bypass the restriction on the maximum number of password attempts.
As explained by the expert, the device simulates the input PIN-code via USB-connection and consistently produces the selection of all sorts of variants of the password in the range from 0000 to 9999. IP-Box allows you to bypass the restriction "Deleting data after 10 attempts" by connecting directly to the power supply iPhone and aggressive de-energizing the device after each unsuccessful attempt to enter the PIN-code, but before it happens synchronization code to flash memory. Thus, each input PIN-code takes about 40 seconds. This means that for the selection of four-digit password will need about five days.
Password guessing in this way may be available to absolutely everyone, experts say. The cost of IP-Box is only £ 200 and can be found in the free market.
Experts plan to carry out an attack on the test device with the operating system iOS 8.3, as long as users are encouraged to use more complex passwords to protect the iPhone and iPad.