Wednesday, July 8, 08:29

The LEGO robot detects the PINs that are on Apple's blacklist

Some PINs are blacklisted on iOS. For example, iOS warns against using 0000 or 0011, but has no problem with 0001 or 1001. But which combinations of digits are blacklisted, and does this blacklist actually improve security?

Also, is a six-digit PIN better than a four-digit one?

Security researchers Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth and Adam J. Aviv set out to find out, and enlisted the help of a robot built from LEGO parts and a Raspberry Pi to extract the lists of blocked four-digit and six-digit PINs.


The first problem the researchers had to overcome is that iOS rate-limits PIN entry attempts, which rules out simply trying PINs one after another. However, this protection does not exist during the initial setup process.

Using this observation, the researchers built a device from LEGO bricks and a Raspberry Pi equipped with a camera to automate PIN entry. The "robot", connected to the iPhone through the Lightning port, emulates a USB keyboard: it types a PIN, and the camera photographs the iPhone screen.

The photo is then processed to determine whether the PIN code is blacklisted.

It turns out that Apple has a blacklist of 274 four-digit PINs and 2,910 six-digit PINs.

But does this improve security? According to the researchers, no, it does not: the blacklists are too small, and iOS still lets users choose a PIN from the blacklist if they insist.

"We find that relatively small blacklists used today by iOS offer little or no benefit," wrote the researchers. "Profits are only observed when blacklists are much larger, which in turn comes at the cost of increased frustration for users. Our analysis suggests that a blacklist of about 10% of PIN space can provide the best balance between usability and security."

The researchers also found that six-digit PINs are not much more effective than four-digit PINs because of the numbers users choose.

"Our study found that there was little avail for the six-digit PIN compared to the four-digit. Our participants tended to select more easily assumed 6-digit PINs when examining the first 40 assumptions of an intruder."

The findings, along with the blacklists and the code for building your own blacklist-testing robot, are available here.
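As an added illustration (not the researchers' code, nor Apple's implementation), the following Python sketches the two policy choices the article contrasts: a blacklist that only warns versus one that rejects outright, together with a coverage figure to compare against the roughly 10% of PIN space the researchers suggest. The blacklist it builds is a constructed, pattern-based sample; the article names only 0000 and 0011 as blocked, and Apple's real lists are not reproduced here.

```python
from dataclasses import dataclass
from typing import FrozenSet

DIGITS = "0123456789"


def pattern_blocklist(length: int) -> FrozenSet[str]:
    """Constructed, pattern-based blacklist (NOT Apple's list): constant PINs
    such as 0000, ascending and descending runs such as 1234/4321, and
    repeated halves such as 1212 or 123123."""
    pins = {d * length for d in DIGITS}
    for start in range(10 - length + 1):
        run = DIGITS[start:start + length]
        pins.add(run)
        pins.add(run[::-1])
    if length % 2 == 0:
        half = length // 2
        pins.update(str(n).zfill(half) * 2 for n in range(10 ** half))
    return frozenset(pins)


@dataclass(frozen=True)
class PinPolicy:
    length: int
    blocklist: FrozenSet[str]
    hard: bool  # True: reject blocked PINs; False: warn but allow (the iOS behaviour described above)

    def coverage(self) -> float:
        """Share of the PIN space the blacklist removes; the researchers suggest about 10%."""
        return len(self.blocklist) / 10 ** self.length

    def evaluate(self, pin: str) -> str:
        """Return 'invalid', 'rejected', 'warned' or 'accepted' for a candidate PIN."""
        if len(pin) != self.length or not all(c in DIGITS for c in pin):
            return "invalid"
        if pin in self.blocklist:
            return "rejected" if self.hard else "warned"
        return "accepted"


if __name__ == "__main__":
    for n in (4, 6):
        soft = PinPolicy(n, pattern_blocklist(n), hard=False)
        hard = PinPolicy(n, pattern_blocklist(n), hard=True)
        print(f"{n}-digit: {len(soft.blocklist)} blocked, "
              f"coverage {soft.coverage():.2%} (target ~10%)")
        print("  soft 0000 ->", soft.evaluate("0" * n),
              "| hard ->", hard.evaluate("0" * n))
```

For comparison, the article's figures of 274 four-digit and 2,910 six-digit PINs correspond to 2.74% and 0.29% of their respective PIN spaces, both well short of the 10% the researchers recommend.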


Teo Ehc