iPhones could be unlocked with £120 high-street device

This device is capable of hacking into older iPhones Picture: YouTube
This device is capable of hacking into older iPhones Picture: YouTube
Share this article
0
Have your say

Apple devices can be unlocked with a device costing as little as £120.

The IP-Box only works on iPads and iPhones using software update 8.1 or less, it allows users to bypass the iPhone’s lockout mechanism using a brute force attack.

The IP-Box exploits a little known vulnerability in Apple’s software, that allows the device to shut down the incorrect password attempt before the phone can register that it has happened, giving it the ability to bypass the phone locking the user out.

With there being 10,000 possible four digit pin numbers, each taking around 40 seconds, it could take the box 4.6 days to unlock the device - much longer than the advertised six seconds to 17 hours.

READ MORE: New iPhone 6s bug lets hackers access photos and contacts


The box works by plugging in through the device’s lightning connector, which is attached to a small circuit board. When the correct code has been found, the phone is automatically unlocked.

In the case of the iPhone, the bare-minimum of security measures have been implemented.

Jamie Graves, CEO of ZoneFox

The device does not reveal the correct code used, but allows the user instant access into the device. 


Jamie Graves, CEO of Scottish cyber security company ZoneFox, said: “The issue of it being available to the public is a tricky one. 
The main issue here is that it is incredibly hard for technology like this to be controlled. With the internet, it’s difficult to stop people from getting their hands on one if they are determined enough to do so. Therefore simply banning them from the public would not be effective.”

READ MORE: Taliban smartphone app removed from Google Play store

Graves feels that it is the responsibility of big business to stay on top of security to protect users.
He said: “The IP-Box shows that, certainly in the case of the iPhone, the bare-minimum of security measures have been implemented. 
“We know this because it implements a form of attack know as a ‘brute-force’ attack on the password, which simply-put means it guesses passwords until it gets the right one.

“There are measures that can, and have, been put in place to frustrate this form of attack.

“At the end of the day, though, it highlights that combating those intent on hacking into systems is an arms race where hackers are ultimately always one step ahead.”

Bryan Thomson of Edinburgh-based security consultants, TrustStream said: “Unfortunately what is secure today may not be secure tomorrow due to the exponential rate that technology advances.

“Large software/hardware companies should be thinking about security from the start and not as an after thought, which is often the case.”

But Thomson believed that devices such as the IP-Box were of benefit to the wider security community: “Restricting their use to only professionals would limit the security community input, which is a crucial element for security testing development.”

Future Scotland: Scotland’s tech sector, innovation and big ideas >>