[Cryptography] A possible way into an iPhone?

Arnold Reinhold agr at me.com
Fri Feb 26 17:46:45 EST 2016


I found this link while working on the "FBI v. Apple" Wikipedia article:

   http://www.theinternetpatrol.com/how-to-avoid-the-disabled-time-out-when-trying-to-remember-your-passcode-on-your-itouch-iphone-or-ipad/

Here is the most relevant part:

“...you are allowed five guesses for free, meaning that the first five guesses do not incur any timeout penalty. But as soon as you enter your 6th guess at your passcode, if it’s wrong, your device is disabled for one minute. Then you get one more guess, and if that one is wrong, your device is disabled for five minutes. Then another guess, and if it’s wrong, you are locked out of your device for 15 minutes. After that each wrong guess at your passcode incurs a full 60 minute disabled timeout.”

“The way to avoid the disabled timeout when guessing at your passcode is this: as soon as you get your first message that your device “is disabled try again in X minutes”, connect it to your computer, with iTunes running. As soon as your device starts syncing disconnect it from the computer (yes, while it is starting to sync – we told you this was not approved by Apple!)

This method has worked for us every time – as soon as you disconnect the device from your computer, for some reason, you will once again have 5 free guesses to guess at your passcode.”

If this really works, it should be fairly easy to construct a rig to automate the process, with 10 solenoids to do the key presses and a relay to connect and disconnect the iPhone cable.  One could test it on another iPhone 5C to make sure it was safe. Even if it takes 3 minutes to try each set of 5 guesses, testing all 10,000 four-digit PINs would take 100 hours. Seems worth a try to avoid an expensive lawsuit with potentially unpleasant outcomes for both sides.

Arnold Reinhold




