I was astonished when I read this article on breaking the iPhone PIN. Some guy has built a device that can guess your iPhone PIN, and he is using a very old trick that was performed on cards years ago. Of course, the exercise is somewhat academic; as noted in the original article, Apple can (and will) update their phones very soon, making the device useless.
The attack consists of detecting whether the PIN code is right or wrong (here, through a change in display intensity) before the number of failed PIN presentations is incremented in persistent memory. Upon detection, the phone is immediately rebooted, so the increment never happens. Yeaahh!!
Similar attacks have been performed on smart cards for over 20 years. The attackers used to monitor the power consumption while a PIN was being verified: an increase in consumption would reveal the start of an EEPROM write, and thus the right moment to cut power.
The solution? Most people typically look for complex implementations, but the general solution is much simpler: increment your counter of failed attempts before actually performing the comparison (and make sure the memory update has really been committed, not merely cached). Then there is no need to worry about power cuts and reboots, since the attacker gains no additional attempts.
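A minimal model of the two orderings, added here as an illustration and not code from the original post or from any real phone or card OS: the counter with a write cache, the `power_cut` helper and the `cut_after_compare` flag are all constructed to simulate the reboot-before-write trick, and both `verify_pin_*` functions are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PIN_LEN   4
#define MAX_TRIES 3
/* Constructed model of a persistent try counter behind a write cache:
 * writes land in `cached` and only reach `committed` (the "EEPROM") on flush. */
typedef struct {
    uint8_t committed;  /* survives a power cut or reboot */
    uint8_t cached;     /* RAM copy, lost on a power cut */
} try_counter_t;

static void counter_set(try_counter_t *c, uint8_t v) { c->cached = v; }
static void counter_flush(try_counter_t *c) { c->committed = c->cached; }
static void power_cut(try_counter_t *c) { c->cached = c->committed; }

/* Constant-time comparison of two PIN_LEN-digit PINs. */
static bool pin_matches(const uint8_t *stored, const uint8_t *given) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PIN_LEN; i++) diff |= stored[i] ^ given[i];
    return diff == 0;
}

/* Vulnerable ordering: compare first, count the failure afterwards. If power
 * is cut once the result is observable but before the flush (cut_after_compare
 * models that), the committed counter never moves. */
bool verify_pin_naive(try_counter_t *c, const uint8_t *stored,
                      const uint8_t *given, bool cut_after_compare) {
    if (c->committed >= MAX_TRIES) return false;
    bool ok = pin_matches(stored, given);
    if (cut_after_compare) { power_cut(c); return false; }
    counter_set(c, ok ? 0 : (uint8_t)(c->cached + 1));
    counter_flush(c);
    return ok;
}

/* Hardened ordering: charge the attempt and commit it before comparing; the
 * counter is only reset after a verified match, so a power cut anywhere
 * still costs the attacker one try. */
bool verify_pin_hardened(try_counter_t *c, const uint8_t *stored,
                         const uint8_t *given, bool cut_after_compare) {
    if (c->committed >= MAX_TRIES) return false;
    counter_set(c, (uint8_t)(c->committed + 1));
    counter_flush(c);  /* must really reach persistent memory before the compare */
    bool ok = pin_matches(stored, given);
    if (cut_after_compare) { power_cut(c); return false; }
    if (ok) { counter_set(c, 0); counter_flush(c); }
    return ok;
}
```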
I will tend to believe that most (all?) Java Card implementations of the OwnerPIN class include such countermeasures, providing adequate protection for a PIN comparison. And by the way, since recent iPhones include a Secure Element, this is where the PIN comparison belongs.
For more details on PIN attacks and countermeasures, you can read my tutorial JC101-12C: Defending against attacks.