Wednesday, March 28, 2012

Your 4-Digit iPhone Passcode is No Match for Law Enforcement Software

iPhoneIt may be time to exchange that four-digit passcode on your iPhone to something a *little* more complicated.

A recent Forbes report sheds light on just how quickly a four-digit passcode can be bypassed, paving the road for all of your data to be siphoned out of your smartphone.

Just how fast are we talking here? Apparently your iPhone's 4-digit passcode can be cracked in as little as 2 minutes.

The password cracking and data pilfering is made possible by Micro Systemation’s  handy-dandy “XRY” application.

Micro Systemation is a Swedish firm that provides all of the tools that law enforcement and military needs to access the devices of criminal suspects and detainees.

How XRY Works

In order to gain access to the phone, XRY leverages security flaws within the phone’s software – just like jailbreakers do – and conducts a “brute force” attack in order to crack the device's password.

No Sense of Security Here!After the phone has been jailbroken and passcode unveiled, all of the data stored on the handset is up for grabs. The accessible information includes contacts, call logs, SMS history, GPS location, files and even a log of keystrokes.

Here is a video that shows XRY cracking a 4-digit passcode and grabbing all of the data stored on an iPhone:

Don't scoff at the fact that the password on the iPhone used in the demonstration is set to "0000" either - that's actually one of the most commonly used iPhone passcodes.

Just incase you were wondering, XRY is said to work on both iPhone AND Android devices. Obviously the more complex your passcode is, the less likely your phone can be forced into granting access using XRY or similar programs.

Not that a complex passcode would stop them anyway.  They'd just ask Google or Apple for help getting in.

Update 4/3/12:  According to a hacker known as @chronic, XRY does not work on iPhone 4S, iPad 2 or iPad 3. Read more.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment