PINs are the easiest way to control access to a smartphone. Its a simple four-digit number that’s not hard to remember. If you’re smart in choosing one, that’s not 1234 or 0000, then you may rest assured that your iPhone will be safe from unauthorized access. Don’t rest too easy though. There’s a cheap box out there that can brute-force the iPhone over USB to gain access to the device.
MDSec demonstrates how a $300 device called IP BOX can be used to brute-force an iPhone over USB. If you try entering the passcode physically by tapping on the screen it will lock you out after 10 successive wrong entries. IP Box works around that restriction to have virtually unlimited tries at the PIN code.
Basically what it does is use the USB to punch in the passcode. If the attempt turns out to be incorrect the box will cut power to the iPhone. This prevents the device from registering it as an incorrect attempt. The box can keep doing this until it lands on the correct PIN that opens up the iPhone.
This method takes about 40 seconds which means cracking an iPhone could take a couple of days as the box runs through possible combinations. MDSec performed this on an iPhone 5s running iOS 8.1.