4

The iOS Security document describes several security mechanisms implemented in iOS 9. I am specifically interested in the actual security of a 4 digits PIN on iOS. I am looking for tangible information specific to iOS.

The document above states on page 10:

(...) so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.

(...)

To further discourage brute-force passcode attacks, there are escalating time delays after the entry of an invalid passcode at the Lock screen.

With this in mind and putting aside possible vulnerabilities, how secure is a 4 digits PIN on iOS 9? Specifically with the assumption that:

  • the attack is possible only via the crypto-chip (described in the doc)
  • ... which enforces the restrictions and time delays

is a PIN a mechanism secure enough to sustain two years of attacks (with the knowledge we have today)? (*)

The social engineering part and human nature suggests that some combinations must be avoided (0000, 1234, 1111, 2222, ... , 9999, 4321, some visual ones as a cross or a box made out of the digits, etc.). We are now past the 10 tries and the device is at that point throttled or wiped.

(*) two years is an example, data recovered after this time may not be that sensitive anymore. I am aware of the fact that one can find tomorrow a vulnerability or a flaw in the architecture which breaks everything in iOS - this is why I am interested in the technical capacities of today.

WoJ
  • 9,038
  • 3
  • 34
  • 55
  • Good enough for what ? – Stephane Oct 14 '15 at 09:05
  • Good enough to protect the data of the user for a reasonable time, say about 2 years of attacks by knowledgeable attackers who would prefer to attack the phone instead of kidnapping the owner or his family to get the data (or to do an unfriendly takeover on his company to retrieve the secrets that way). – WoJ Oct 14 '15 at 09:15
  • That's an awfully vague requirement, really. The phone belonging to a top-level executive crossing the China border every month will not have the same requirement as my (retired) dad's iPhone. – Stephane Oct 14 '15 at 09:23
  • This is why I am looking only at the technical aspects of attacking the encrypted data (a way or another). I will modify the the question to highlight that. – WoJ Oct 14 '15 at 09:24

1 Answers1

2

As the OP mentioned, a 4-digit PIN can be broken in a few days with special hardware.

Without the special hardware, unless you're consistent at wiping smudges from your screen, the PIN numbers can be reconstituted fairly easily. The suggestion is to reuse one or two numbers to actually increase the difficulty in guessing the PIN. See https://www.schneier.com/blog/archives/2012/01/improving_the_s.html

Obviously avoid these PINs: http://danielamitay.com/blog/2011/6/13/most-common-iphone-passcodes

If you do not enable Erase Data (which wipes the device after 10 failed tries), then a 4-digit PIN would take at worst 417 days to guess (assuming 1 second to enter the passcode per attempt and going by the locking policy outlined on page 12 of https://www.apple.com/business/docs/iOS_Security_Guide.pdf), compared with 41,678 days for a 6-digit PIN. That 4-digit figure falls short of the OP's "reasonable" length of 2 years of security, especially since on average a passcode is recovered in half of all possible guesses, so that would be more like 208 versus 20,839 days.

Jay Dansand
  • 121
  • 3
  • The exploit used to crack the PIN is based on a vulnerability - so this is fixable. There will always be such issues but this is what patching is for. i was looking at architectural/design issues. Your two other points are valid (even if not strictly technical for the iOS) – WoJ Oct 14 '15 at 12:34
  • I'd love to quote time-to-brute for 4-digit PINs, but I'm having trouble digging up any real numbers for the increasing delay after wrong guesses. I'll update the answer with a lower-bound guess. – Jay Dansand Oct 14 '15 at 12:38
  • If you look in the document I linked the throttling is described in details (and how it increases with attempts). Also please note that the wipe feature stops you at 10 attempts, which is 1 hours 36 minutes to go though the 10 attempts – WoJ Oct 14 '15 at 12:39
  • Ah, I see the table - I thought I was missing something, because I've never had a 1-minute delay, even when my daughter fumbles around with my phone. Do you have Erase Data turned on? I do not, and the OP isn't clear - it says throttled or wiped. If you're wiping at 10, then there's no real difference between 4- and 6-digit PINs except entropy for keys. – Jay Dansand Oct 14 '15 at 12:46
  • That part was probably written by a marketing team. Just afterwards they mention actual throttling which makes the 80 ms / attempt irrelevant – WoJ Oct 14 '15 at 12:55
  • Okay, then assuming the table is accurate, I've updated the post with worst- and average-case brute times (if Erase Data is turned off). – Jay Dansand Oct 14 '15 at 13:02
  • Let us continue this discussion in chat. – Jay Dansand Oct 14 '15 at 13:04
  • +1 for the calculations. I will wait for some time before accepting to see if there are other considerations (more on the hardware/crypto-chip side) but I guess that this will be it (and the right answer) – WoJ Oct 14 '15 at 13:07