Cracking iPhone and Android Security Codes (Pins) seconds!

As the adoption of smartphones continues to take off, law enforcement is increasingly being stymied by passcodes and other forms of personal device security. In a video posted by Swedish technology firm Micro Systemation, the company demos a new version of the software it sells to police and governments all over the world to crack smartphones wide open. In this case, Apple’s iPhone 4 was coaxed into giving up its passcode with ease. Of course, as soon as anyone took notice, the video was removed. During the time the video was up, we got a good look at the software in action.

The software suite, called XRY 6.2, probes a USB-connected device and runs a series of privately developed hacks to gain access. Micro Systemation is essentially running a very high-level jailbreaking outfit in Sweden. Like amateur hackers, Micro Systemation searches for security vulnerabilities in devices and uses them to give law enforcement access. Micro Systemation is careful to point out that there are no officially sanctioned backdoors in smartphone software, so it has to employ 75 full-time researchers to find and exploit these security holes.

In the video posted by Micro Systemation, an iPhone with a four digit passcode is cracked in a matter of seconds by using a brute force attack. That is, the software connects to the device, and tries all possible PINs until it finds the correct one. For a 4-digit PIN, that’s not very many possibilities, but using the enhanced security alphanumeric passcodes on a device will hugely slow the process. Android devices, even those with pattern locks, can be exploited much of the time as well.

If the XRY software can gain access to a device, it will happily spit out phone logs, GPS data, personal files, and more. Micro Systemation is by no means the only company doing this, but it was one of the few confident enough to post a demo of its own software on YouTube. The video might have been removed out of fear the company would get bad press. The selling of this kind of software is big business, but we’re not supposed to know so much about it.

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed


US-CERT Latest Warnings

Latest US-CERT Released Warnings