Apple has already patched a widely reported vulnerability which made it possible—albeit under some very, very specific circumstances—to crack an iPhone 7 passcode using a dedicated $500 hardware guessing box, a company spokesperson told TechCrunch last weekend.
“I did some poking around and Apple confirmed that the behavior that lets this box work will be patched out of the final version of iOS 11 that’s due this fall,” according to reporter Matthew Panzarino. “It’s also patched under iOS 11 beta 4, if you’re running that,” he added.
As first demonstrated by YouTube creator “EverythingApplePro,” a dedicated passcode-breaking box uses a bug to try out different passcodes until the right one has been guessed.
As mentioned, the hack is actually very, very limited in its usefulness for nefarious users.
Although it works on all iPhone 7 models and some iPhone 6s devices, the hardware requires that an attacker have the target device in physical possession.
Furthermore, it only works after a fresh iOS install or if the passcode on the device has been changed very recently, literally like a few minutes ago.
“On iOS 10, there is a ‘bug’ for lack of a better term, that allows repeated, rapid guesses of the passcode if you’ve changed it within the last minute or so,” explains TechCrunch.
“This allows the box to work within that period. Once another threshold is crossed—ten minutes after a passcode is changed—you no longer have the freedom to guess rapidly.”
In other words, be sure not to let someone who has this box in their hand steal your iPhone within ten minutes after changing the passcode unless you’re on iOS 11 beta 4 or later.
Using a six-digit or an alphanumerical password is the best way to protect yourself from those kinds of brute-force attacks as a six-digit passcode would take nearly ten years to crack using a guessing box.
A four-digit passcode could be cracked within days so small wonder Apple two years ago switched to six-digit passcodes as the new default on iPhone, iPad and iPod touch devices.