Researchers at British security company MDsec have developed a tool that lets a hacker perform a brute-force attack on a person’s protected iPhone passcode. The passcode-cracking device connects to the victim’s iPhone over USB and tests passcode combinations sequentially from 0000 to 9999. The device also has a light that turns on once the iPhone has been unlocked.

The researchers at MDsec claim that their tool works on Apple’s mobile devices even if the owner has the ‘erase information after ten invalid passcode attempts’ option turned on, which it gets around by cutting off the power supply of the iOS device. It is believed that MDsec’s device exploits a known Apple vulnerability, CVE-2014-4451, which was discovered last year and has since been patched.

The best practice for securing an iPhone is to replace the standard 4-digit passcode with a longer, complex passcode that combines numbers, letters, and special characters. It is also key to make sure that all devices are running the most up-to-date software, with the latest patches installed to correct any vulnerabilities.

For more information regarding this iPhone passcode breach, please contact one of the following GraVoc employees:

Nate Gravel – Director of the Information Security Practice ngravel@gravoc.com
