
iOS Passcode (Pin) Lock

iOS devices can be secured with a passcode lock, commonly referred to as a PIN lock. This is not a SIM lock, but rather a password lock on the device itself. By default, the PIN lock uses what is referred to as a “Simple Passcode,” meaning that the passcode is a 4-digit number, so there are only 10,000 possible combinations. It also means it’s relatively easy to brute force. The user has the option to set a longer password as well.

Elcomsoft has a tool which can iterate through all the possibilities and break them in less than 40 minutes.   Of course, trying to do so on the device itself would take much longer.  It is also not recommended, as the device may be set on the “Erase Data” option, which will erase the data after 10 failed attempts (more on this later).
Another consideration among the Passcode Lock options is when the passcode requirement becomes active. It can be set anywhere from “Immediately” up to “After 4 hours.” If “Immediately” is not the chosen option, then there is an opportunity to disable the passcode if you get to the device before the time expires.
Going into Settings and entering a long passcode to be able to use the device is usually not convenient, so many users have a tendency to use the simple 4-digit passcode option or none at all. Since most users opt to use the simple passcode (and there are only 10,000 possible combinations to choose from), it is interesting to see what the most common passcodes in use are. Interestingly enough, Help Net Security has given us data on this:

As you may have guessed, some of the more common passcodes are “1234” and “0000”.  Other derivatives are based on the keyboard matrix.  As pointed out by Help Net Security, “Most of the top passcodes follow typical formulas, such as four identical digits, moving in a line up/down the pad, and repetition.”
Most people will use dates as their passcode, because they are easy to remember.  Birth dates and anniversaries are the most common dates chosen.  As you could guess, there’s a good chance of unlocking a locked device by trying some of the common formulas – just be aware that you could end up wiping the device.
Speaking of unlocking and wiping the device, let’s take a look at that. While there are 10 attempts at guessing the PIN code, it’s not as easy as just entering one code after another 10 times. Apple was smarter than that – especially in cases where you need to use MobileMe to remote wipe the device.
The first 5 incorrect attempts can happen one after another.  However, on the 6th incorrect attempt, a screen will appear forcing you to wait for 1 minute before attempting again.  The 7th incorrect attempt will force you to wait 5 minutes.  On the 8th incorrect attempt you will have to wait 15 minutes and on the 9th, you’ll have to wait 60 minutes.
[Screenshots: the lock screens shown after the 6th, 7th, 8th and 9th incorrect passcodes]
On the 10th incorrect attempt, the phone will be wiped.  Obviously, this is a good thing if you lose your device and need to remote wipe it, because it will give you at least an hour and 21 minutes to do so. Unfortunately, it’s much quicker to jailbreak the device and bypass it.
The wipe no longer actually wipes the device; rather, it breaks the public/private key pair, rendering the data useless.  At this juncture, the user must connect the device to a system and use iTunes to restore the data.
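
The lockout schedule described above can be modelled as a small state machine to check the "hour and 21 minutes" figure and to compare passcode lengths. This is an added example, not code from the original post or from Apple; the class and function names are hypothetical, and it assumes entries made during an enforced wait are refused without being counted and that passcodes are chosen uniformly at random.

```python
from dataclasses import dataclass

# Enforced wait in minutes after the Nth consecutive wrong entry (article's schedule).
WAIT_AFTER_FAILURE = {6: 1, 7: 5, 8: 15, 9: 60}
WIPE_ON_FAILURE = 10  # applies only when "Erase Data" is enabled


@dataclass
class PasscodeLock:
    passcode: str
    erase_data: bool = True
    failures: int = 0
    locked_until: float = 0.0  # minutes on the simulation clock
    wiped: bool = False

    def attempt(self, guess: str, now: float) -> str:
        """Process one entry at time `now` (minutes) and return the outcome."""
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            # Assumption: entries during an enforced wait are refused, not counted.
            return "refused"
        if guess == self.passcode:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.erase_data and self.failures >= WIPE_ON_FAILURE:
            self.wiped = True
            return "wiped"
        # Assumption: no wait is modelled for failure counts the article does not list.
        self.locked_until = now + WAIT_AFTER_FAILURE.get(self.failures, 0)
        return "failed"


def minutes_until_wipe(lock, wrong_guesses):
    """Feed wrong entries as fast as the lock allows; return the clock at wipe."""
    now = 0.0
    for guess in wrong_guesses:
        now = max(now, lock.locked_until)
        if lock.attempt(guess, now) == "wiped":
            return now
    raise ValueError("wipe not triggered by the supplied entries")


def guess_success_probability(digits, guesses=WIPE_ON_FAILURE):
    """Chance that `guesses` distinct tries hit a uniformly chosen numeric passcode."""
    return min(1.0, guesses / 10 ** digits)
```

Calling minutes_until_wipe with a PasscodeLock and ten wrong entries returns 81.0 minutes, and guess_success_probability(4) returns 0.001 against 0.00001 for an 8-digit passcode, which is the case for enabling “Erase Data” together with a longer passcode.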

BlackBag Team
