For this study, and since the iPhone has locking systems when using brute force techniques to unlock its terminals, took advantage of a function found when we first set up our code. This function tells us if our unlock PIN, be it 4 or 6 digits, is strong enough, and is based on the number of times they are used. This is where, thanks to the alert indicating the weakness of the code, these students and their robot were able to get the blacklists of codes that Apple has indexed as most used.
How was the study carried out?
For this You must enter 10,000 different codes for the 4-digit keys and 1,000,000 for the 6-digit keys. What better ally for a task as repetitive as this than a robot? With a Lego robot operated by a Raspberry Pi was programmed so that all possible combinations were tested one by one, recording with each code the response of the terminal, indicating if it was sufficiently secure, or if on the contrary it belonged to the weaker password blacklist. For each code, the robot took a photo of the response that was sent to a server that analyzed the image and indexed the code accordingly.
For the sample on which to compare the results, 1220 participants were chosen on whom the obtained codes were applied, thus also allowing information on the trend of use to be collected.
It might interest you | Which iPhone and iPad will be compatible with iOS 14?
What did this study end up revealing?
The results obtained by this study were that There are 274 codes considered weak for 4-digit passwords and 2910 codes considered weak for 6-digit PINs.. If we look at the ratio to the total possibilities, does this mean that the 6-digit codes are more secure? Mathematically speaking yes, but comparing the results with the sample participants, the study revealed that 6-digit passwords are usually simpler since length is more trusted than complexity.
In conclusion it was determined that There is no real advantage of a 4 digit code over a 6 digit code and vice versa. using samples of vulnerable codes, so it is the same to use one option than another if it is to unblock a device blocked by code.