About PIN, the iPhone is about 20 years behind smart cards

I was astonished when I read this article on breaking the iPhone PIN. Some guy has built a device that can guess your iPhone PIN, and he is using a very old trick that was performed on cards years ago. Of course, the exercise is pointless; as noted in the original article, Apple can (will) update their phones very soon, making the device pointless.

The attack consists in detecting whether the PIN code is right or wrong (here, through some change in display intensity) before the number of false PIN presentations is incremented in persistent memory. Upon detection, the phone is immediately rebooted, and the increment doesn’t happen. Yeaahh!!

Similar attacks have been performed on smart cards for over 20 years. The attackers used to monitor the power consumption when verifying a PIN, and an increase in consumption (indicating a memory write) would indicate the beginning of an EEPROM update, and the right time to cut power.

The solution? Most people typically look for complex implementations, but the general solution is much simpler: just increment your counter of failed attempts before actually performing the comparison (and ensure that the actual memory update has been performed, not just cached). Then, no need to worry about power cuts and reboots, since the attacker will not get additional attempts.

I will tend to believe that most (all?) Java Card implementations of the OwnerPIN class include such countermeasures, providing adequate protection for a PIN comparison. And by the way, since recent iPhone’s include a Secure Element, this is where the PIN comparison belongs.

For more details on PIN attacks and countermeasures, you can read my tutorial JC101-12C: Defending against attacks.

3 Comments

  • 0x54 wrote:

    Another way to protect against a power cut off attack for a security device is to have a backup tamper battery like most HSMs. A small capacitor or a tiny rechargeable button battery might have been rather handy although not every security device would be suitable for a tiny tamper power pack fitted onto it’s security chip. In fact, I am personally skeptical about the supposed security of any supposed tamper-resistant chips not backed with a tamper power supply in it’s security encapsulation.

  • You are right. There are many ways to defend against such attacks. When I started working on smart cards, developers were actively working on “constant-time comparisons”, which would take the same time and leave the same power trace independently of the comparison result. Eventually, scopes became so good that the tiny differences became visible.

    The superiority of countermeasures like pre-decrement is that it beats a full category of attacks. Timing attacks just don’t work any more.

  • clever attack but not practical

Leave a Reply

Your email is never shared.Required fields are marked *