Password protecting your mobile device does not mean it is secure, after it emerged that Micro Systemation’s XRY app can crack passcodes for iPhones and Android devices within minutes
Indeed, the XRY application is being used by a growing number of law enforcement agencies.
The password on the popular smartphone can probably keep a regular person who finds the device from breaking into it. However, the software from the Swedish company, which it sells to law enforcement agencies, can crack the code on an iPhone or a smartphone running Google’s Android mobile operating system within minutes, as shown in this video of the application working on an iPhone 4S.
According to Micro Systemation, XRY essentially jailbreaks the device in the same manner that regular jailbreakers do. It then runs every combination of four-digit passcodes (there are 10,000 of them) until it hits the right one. Once that happens, all the data on the phone can be accessed, according to the company.
Micro Systemation Marketing Director Mike Dickinson told Forbes.com that there are no “back doors” left open by the device manufacturers that XRY exploits. Instead, the application finds the same security flaws that regular jailbreakers do when they seek to get around any restrictions on applications that can be downloaded onto the smartphone.
The company spends a lot of time on finding these security flaws, Dickinson said – half of the Micro Systemation’s 75 employees are in research and development.
“Every week, a new phone comes out with a different operating system, and we have to reverse-engineer them,” he told Forbes. “We’re constantly chasing the market.”
It apparently is a good business for the company, particularly given the skyrocketing growth in smartphone sales. The company has doubled the number of employees since 2009, grown revenues 25 percent a year and generated $18 million (£11m) in 2011, a $6 million (£3.8m) jump from the previous year.
The company’s passcode-breaking products are sold in 60 countries, with particular interest among law enforcement agencies, according to Micro Systemation. Many police departments in the United States are customers, as is the FBI and the US military, which Dickinson said is the firm’s largest customer. About 98 percent of all police departments in the United Kingdom are customers.
“It’s a massive boom industry, the growth in evidence from mobile phones,” Dickinson said. “After 20 years or so, people understand they shouldn’t do naughty things on their personal computers, but they still don’t understand that about phones. From an evidential point of view, it’s of tremendous value.”
iPhone users are strongly encouraged by Apple to put in a four-digit passcode to protect their smartphones in case their devices are lost or stolen. However, according to a survey last year by the developer of the iPhone app Big Brother Camera, many users aren’t being particularly wise about the four numbers they choose.
According to Daniel Amitay, the 10 most common passcodes used by iPhone users accounted for 15 percent of all the passwords that were analysed. Amitay said on his Website in June 2011 that the most common passcodes were 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212 and 1998.
“Formulaic passwords are never a good idea,” Amitay said, but his analysis found that most users selected easy-to-guess codes.
Out of the 204,508 codes the app sent back anonymously to Amitay, “1234” was the most commonly used, with 4.3 percent of the users. The second-most-common code was “0000,” picked by 2.6 percent of the users.
Amitay’s Big Brother Camera Security app is designed to let owners know who could be using the smartphone without permission. The app automatically takes a photo of anyone using the iPhone in the front-mounted camera; it also collects information about the passcodes being used to protect the camera app. Amitay believes there’s a strong correlation between the four-digit passcode being used for the app and the one being used to lock up the iPhone.
How well do you know Internet security? Try our quiz and find out!
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
View Comments
Easy fixed don't use the 4 digit one and turn off the simple passcode option in the settings, put in a longer passcode.
No brainer really
Plugin the iPhone into a computer, iTunes will automatically back it up, then from the backup files you can read text messages using online tools. No brainer.
Buy an iphone, ............. NO BRAINER! (simples!)