ip box

A new device that can unlock PIN-protected iOS devices is causing a commotion around the interwebs today. The tool, first spotlighted by security firm MDSec, is being used in the phone repair markets to brute-force iPhone and iPad Lock screens.

According to MDSec, these ‘IP Boxes’ are about the size of an Apple TV, and you can acquire one for around $300. The box works by simulating PIN entry on a device over a USB connection, and is able to sequentially brute-force every possible PIN combination.

The most genius, and scary, part is that the IP Box works even if the “Erase data after 10 attempts” setting is enabled. MDSec says it does this by cutting the device’s power after each failed PIN attempt, but before the attempt has been synchronized to memory.

It’s not a quick process, though. Each PIN entry takes approximately 40 seconds, so it could take more than 110 hours to brute-force an iPhone. It also only works for devices that are protected with 4-digit PIN codes, so those with more complex passwords are safe.

In their post, MDSec notes that they believe Apple patched the exploit used by IP Box in iOS 8.1.1.
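The power-cut trick described above depends on the order in which a failed attempt is checked and counted. The following toy model is an added example, not code from MDSec or Apple; its class and function names are hypothetical, and the "count before checking" ordering is an assumed mitigation used for illustration, not a description of the iOS 8.1.1 fix.

```python
# Added illustration, not iOS code: a toy model of a persistent failed-attempt counter.
# LockScreen, PowerCut and wrong_guesses_tolerated are hypothetical names.

class PowerCut(Exception):
    """Simulated loss of power right after a failed attempt becomes visible."""

class LockScreen:
    MAX_ATTEMPTS = 10  # "Erase data after 10 attempts"

    def __init__(self, pin, commit_first):
        self._pin = pin
        self.commit_first = commit_first  # True = count the attempt before checking it
        self.failed = 0                   # stands in for storage that survives power loss
        self.wiped = False

    def try_pin(self, guess, cut_power_on_fail=False):
        if self.failed >= self.MAX_ATTEMPTS:
            self.wiped = True             # enforce a wipe that a power cut interrupted
        if self.wiped:
            raise RuntimeError("device wiped")
        if self.commit_first:
            self.failed += 1              # persisted before the result is known
        if guess == self._pin:
            self.failed = 0               # success clears the counter
            return True
        if cut_power_on_fail:
            raise PowerCut()              # nothing after this line runs
        if not self.commit_first:
            self.failed += 1              # weak ordering: persisted only after the result
        if self.failed >= self.MAX_ATTEMPTS:
            self.wiped = True
        return False

def wrong_guesses_tolerated(commit_first, tries=50):
    """Send `tries` wrong PINs, cutting power after each failure.
    Returns (guesses the device evaluated, whether it ended up wiped)."""
    dev = LockScreen("7391", commit_first)  # constructed sample PIN
    evaluated = 0
    for i in range(tries):                  # guesses 0000..0049, none is correct
        try:
            dev.try_pin(f"{i:04d}", cut_power_on_fail=True)
        except PowerCut:
            evaluated += 1
        except RuntimeError:
            break
    return evaluated, dev.wiped

if __name__ == "__main__":
    print("count after result :", wrong_guesses_tolerated(commit_first=False))
    print("count before result:", wrong_guesses_tolerated(commit_first=True))
```

With the weak ordering the counter never moves and every guess is evaluated; with the counter committed first, the model stops after ten guesses regardless of when power is lost.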

Source: MDSec via DaringFireball

  • TotallySerious

    I’ve got AndroidLockXT, I should be fine lol

    • Jonathan

      Ditto.

    • Micaiah Martin

      I’m sure someone would recognize this and just put your iPhone into safe mode so that it will bypass that simple tweak.

    • Ricardo Monterrubio

      does it work on safe mode ?

      • TotallySerious

        In safe mode, AndroidLockXT is disabled, and the regular passcode pops up instead (if you have one)

    • Uhmm, in safe mode Android lock is useless. Hard reset > boot safe mode > Done lol. Also there are boxes like this for Android too, so no OS is truly safe…

      • TotallySerious

        Well you can set up a regular password beneath Androidlock so if it does go into safe mode, that passcode will show up instead

      • That’s when you use the tool is what I am saying.

      • TotallySerious

        Ah I see. Well then you could either change to the alphabetical password or just update to 8.1.1 (I’m on 8.1 so I’ll just use alphabetical password)

      • Jonathan

        I’m pretty sure I wouldn’t steal your device, then pay $300 to brute force it. I think I’d just buy a new iPhone instead.

      • TotallySerious

        I would hope you wouldn’t want to steal my device lol 😉

      • Nate McKelvie

        It’s not about stealing the phone for use, because you still have the activation lock with iTunes if you try to restore it, so getting past the passcode only allows you to use it AS someone else’s phone; it’s about the DATA in the phone. YOU CAN ALWAYS do a DFU restore on a phone and bypass the passcode. That’s why they are doing it so that it turns the phone off and prevents data from being erased. The only thing breaking into a phone’s passcode is good for is to steal the data inside that phone.

      • Elias Chao

        I thought it was not possible, but a friend of mine bought a stolen iPhone, and found (and paid) a guy who bypassed Activation Lock.

        Afaik, this guy does that as a business, so everyone could go to him and unlock an iCloud-locked iPhone.

      • Nate McKelvie

        I didn’t say it was impossible to get around activation lock. What I was saying is that you can easily bypass a lock code by just restoring a phone. It’s that easy. DFU restore eliminates all data and resets the phone (except the new activation lock prevents that, but I stand by the belief that any defense that can be built can also be broken). My point was just that people are not using these devices so they can steal the phone to use the phone; they are using this device mentioned in the article so they can STEAL data.

      • Jeffrey

        Well thieves could bulk use this so they could sell newly restored (stolen) iPhones, instead of not being able to sell their stolen iPhones because they’re locked… The 300$ would be worth the money for thieves…

      • Jonathan

        They gotta get through Find my iPhone though in order to be able to sell it.

      • Jeffrey

        Yeah I know, so it would still be risky… Some people don’t use it however…

      • ChicagoSportsFanatic

        With bio protect it asks for a fingerprint before restart

      • Not a hard restart.(Holding power button and home button)

    • Joshua The-Legend Wiebe

      Wouldn’t matter if your lock screen is set to input the code using patterns or gestures, as long as you’re registering a code into your phone through your lock screen, the code in the memory would still be brute forced.

      • TotallySerious

        True. I have an alphabetical password now, so this device shouldn’t be an issue

  • It has actually been around for a while (since iOS 7). Just “blew up” recently..

  • Joshua The-Legend Wiebe

    The calculations are incorrect. If the IP Box was designed to find the PIN on the iPhone every 40 seconds by cutting the power, it wouldn’t take 110 hours; depending on whether the code started in the 9’s, then you’re looking at over 40,000 hours. But hopefully in the 1’s to 5’s, sure, a few days to a week, if it’s brute forcing all day and night.

    • My complex code is more than 4 digits, so it would take a bit longer to break mine..

    • Jeffrey

      Actually it would take 73 hours max. 9X9X9X9=6.561 possible codes, 6561X0,6667 (40 out of 60 seconds)=4.374 minutes, 4.374/60 (60 minutes in an hour)=72,9 hours.

      • john

        lol you do know there are 10 digits total, not 9, that you can use right?

      • Jonathan

        So in that case

        10^4 = 10,000

        10,000 * 40 (seconds) = 40,000
        40,000 / 60 (seconds) = 666.667 (minutes)
        666.667 / 60 (minutes) = 111.11 (hours)

      • Jeffrey

        I knew I made some kind of mistake lol. That would indeed make it 110 hours, not days/weeks like the guy above me stated.

  • James G

    Glad to hear it is patched. Keep trying, hackers + NSA.

    • Victor

      Naive. If the NSA got you in their sights they would just pull your backup from iCloud…

      • James G

        If you’re storing info on your phone you don’t want the NSA to have access to, you wouldn’t use iCloud backup.

      • Victor

        They have enough other ways to access information stored on your phone.

  • Fanboy 

    HOW TO SET UP A PIN PASSCODE LONGER THAN 4 DIGITS
    • In your Passcode settings, turn off ‘simple passcode’
    • A keyboard will show up to input your new ‘complicated password’
    • Type in a new password, using ONLY numbers. You can use whatever amount of numbers you wish.
    • Once you have saved it, your lockscreen will now show the following new passcode screen.

    *Notice it does not have 4 dots to fill; it shows up as an empty box. When you type in your passcode, it does not automatically verify it; you must press OK. This ensures nobody knows how many digits your code is. It could be 1 digit long, or it could be 8 digits long. Who knows? Only you 🙂

    • Jonathan

      This is awesome to know, thanks.
      now to find that tweak that iDB posted a few months ago that you don’t need to press okay to enter the passcode. if it’s correct, it’ll auto unlock.

      Anyone remember?

      Edit: it’s called AutoOk

  • waqass

    I have one 😛 This box has been around since iOS 7 and it was working perfectly, but now it takes too much time

    • Victor

      In iOS 7 it still took the same amount of time.

  • Victor

    That’s completely useless XD.

    • Jonathan

      Yeah, but it’s an easy fix.

      • Victor

        True 😀

    • FFF84

      No, it’s very useful because you are using fingerprint, so you don’t have to type your password every time.

      • Victor

        Every time you reboot you will have to type that password again. And especially if you don’t use it often, you are likely to forget it.

      • FFF84

        You don’t forget your email or iTunes password. You can even save it to “one password”. And normal iPhone users restart their devices once a week.

  • Ibrahem Jaffal Alhwareen

    Does it work with all the iOS versions?