Researchers at British security company MDSec have developed a tool that lets a hacker perform a brute-force attack on the passcode protecting a person’s iPhone. The passcode-cracking device is wired to the victim’s iPhone through USB and tests passcode combinations sequentially from 0000 to 9999. It also has a light that turns on once the iPhone has been unlocked.
The researchers at MDSec claim that, by cutting off the power supply of the iOS device, their tool works even when the owner of the device has the ‘erase information after ten invalid passcode attempts’ option turned on. It is believed that MDSec’s device exploits a known Apple vulnerability, CVE-2014-4451, which was discovered last year and has since been patched.
The best practice for securing an iPhone is to replace the standard four-digit passcode with a complex passcode that combines numbers, letters, and special characters. It is also key to make sure that all devices are running the most up-to-date software, with the latest patches installed to correct any vulnerabilities.
For more information regarding this iPhone Passcode breach, please contact one of the following GraVoc employees:
Nate Gravel – Director of the Information Security Practice ngravel@gravoc.com