![]() I initially thought it would be a 10 min script, but I realized that jumping from the pin code login attempt to the date and time menu item to set it into the future cannot be done using keyboard shortcuts. So I did just that, I brought my keystroke injection USB platform, the Rubber Ducky and started sketching the attack. ![]() To my surprise this old trick worked on Apple’s iPad and essentially gave me a green light for automated bruteforcing. ![]() The next thing that came to my mind is an old hacking trick that people used to use to bypass expired licenses which is: set the current date to a future date to trick the software into thinking the license did not expire. I started trying the most common pins (see ) until I noticed that I was slowed down drastically by a time delay between tries which was even reaching 1 hour after only 4-5 tries.įor non-techies this would be a security control put in place to deter brute force attacks (ie: so an attacker cannot use an automated script to try every possible combination, in the case of a 4-digit code you’ll have 10.000 combinations, = 10 digits, 10x10x10x10 = 10 000). were locked with a 4 digit admin pin code. One day I was testing the security hardening of the corporate iPads of one organization to notice that restrictions such as “cannot use internet, cannot install apps” etc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |