That requires you to get physical access to the device, which puts the attack in an entirely different realm than just "password cracking".