iPhone’s Passcode Bypassed Using Software-Based Bruteforce Tool

Last week, a blogger reported on a $300 device called the IP Box, which was allowing repair shops and hackers to bypass passcodes and gain access to locked iOS devices. But it turns out that expensive hardware isn’t required; TransLock, a new utility for Mac, can do the same job over USB.

MDSec’s video proved that the IP Box was able to bypass an iOS passcode using brute-force and maintain the data on an iPhone, iPad, or iPod touch even when the device is set to erase itself automatically when an incorrect passcode has been entered ten times.

But developer Majd Alfhaily, creator of the Freemanrepo that hosts many popular jailbreak tweaks, has been able to replicate a similar brute-force attack using only an application running on a Mac.

“I tried to replicate the attack while covering the entire process without using hardware hacks,” Alfhaily explains in a post on his blog. He built an app called TransLock, which tries every possible 4-digit passcode starting from 0000 and ending at 9999.

TransLock isn’t just cheaper than the IP Box, but it’s faster, too. It takes just 5 seconds for the app to try each passcode, which means it would take 14 hours to try every single combination. The IP Box takes 40 seconds to try each one, which means it could take up to 110 hours.

Alfhaily explains how the whole things works on his blog, so if you’re into code, you can get more details there. But for the rest of us, the demonstration video below shows how TransLock works.

Despite the security concerns, Alfhaily has no plans to keep TransLock to himself. “I’m working on a Mac utility that’ll automate the entire process and send the library to the device over a USB connection,” he writes. “I have plans to release it in the near future.”

Unlike IP Box, however, TransLock will only work on a jailbroken iOS device, so those that haven’t been hacked are safe. In addition, it works with 4-digit passcodes only, so you can use a more complex password if you’re really worried about the vulnerability.

It’s certainly concerning that iOS can be vulnerable to hacks like this, but this is exactly why Apple is against jailbreaking. But as for the IP Box, the Cupertino company will surely have to find a fix for that before the device becomes more popular.

No comments:

Powered by Blogger.