iPhone Cracking Methods Like GrayKey Box Can Guess a Six-Digit Password in 11 Hours on Average

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Apr 16, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Law enforcement agencies have a new iPhone cracking tool that works with all modern iPhones and the newest versions of iOS 11, the GrayKey, designed by a company called Grayshift.

    Previous reports have suggested the GrayKey can crack 4-digit passcodes in a matter of hours and 6-digit passcodes in days, but as highlighted by VICE's Motherboard, cracking times for the GrayKey and other similar iPhone unlocking methods can potentially be even faster and 6-digit passcodes no longer offer adequate protection.


    Matthew Green, assistant professor and cryptographer at Johns Hopkins Information Security Institute, said this morning on Twitter that with an exploit that disables Apple's passcode-guessing protections, a 4-digit passcode is crackable in 6.5 minutes on average, while a 6-digit passcode can be calculated in 11 hours.


    Apple does have built-in options to erase an iPhone after 10 incorrect passcode guessing attempts and there are automatic delays after a wrong passcode has been entered more than five times, but GrayKey appears to bypass these protections.

    It's not clear if the GrayKey can reach the fastest unlocking times outlined by Green, but even at slower unlocking speeds, it only takes days to get into an iPhone with a 6-digit passcode. Comparatively, it takes over a month to crack an iPhone with an 8-digit passcode, or more than 13 years to get into an iPhone with a 10-digit passcode.

    With the release of iOS 9 in 2015, Apple switched from a four digit passcode to a 6-digit passcode as the default, making iOS devices more secure, but for those concerned about their iPhones being accessed either by law enforcement with the GrayKey or by a hacker with a similar cracking tool, a 6-digit passcode is no longer good enough.

    Several security experts who spoke to Motherboard said people should use an alphanumeric passcode that's at least seven characters long and uses numbers, letters, and symbols.

    To change your iPhone's passcode from a simple numeric 6-digit passcode to something more secure, you'll need to use the Settings app. Go to "Face ID & Passcodes" in the Settings app, enter your current passcode, scroll down, and then choose "Change Passcode."

    You'll be asked to enter your new passcode on this screen, but you'll actually want to tap on the blue "Passcode Options" text towards the middle of the display. Choose "Custom Alphanumeric Code" to enter a passcode that consists of letters, numbers, and symbols.


    With an alphanumeric passcode in place, you'll no longer be presented with a numeric keyboard when unlocking your iPhone, and instead, you'll see a full keyboard available to type in your passcode.

    There's a definite compromise between easy device accessibility and security when using a longer alphanumeric passcode like this. It's a lot easier to type six numbers than it is to type a mixed character alphanumeric passcode into an iOS device, but for complete security, longer and more complex is the way to go.

    Article Link: iPhone Cracking Methods Like GrayKey Box Can Guess a Six-Digit Password in 11 Hours on Average
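
Added example, not part of the original article or thread: the keyspace arithmetic behind the quoted times, plus the shortest passcode length that meets a chosen time target. The per-guess cost is an assumption back-derived from the article's 11-hour average for six digits, so results land near, not exactly on, the article's rounded figures; the 94-character set and uniformly random passcodes are also assumptions.

```python
import math

# Assumption: per-guess cost back-derived from the article's figure of
# 11 hours on average for a 6-digit passcode (average = half the keyspace).
SECONDS_PER_GUESS = (11 * 3600) / (10**6 / 2)  # about 0.079 s
DIGITS = 10
# Assumption: 94 printable ASCII characters (letters, digits, symbols; no space).
PRINTABLE = 94


def average_seconds(charset, length, rate=SECONDS_PER_GUESS):
    """Expected exhaustive-search time for a uniformly random passcode."""
    # Human-chosen passcodes (dates, 123456) fall much faster than this.
    return (charset ** length) / 2 * rate


def min_length(charset, target_seconds, rate=SECONDS_PER_GUESS):
    """Shortest length whose average search time is at least target_seconds."""
    length = max(1, math.ceil(math.log(2 * target_seconds / rate, charset)))
    # Correct for floating-point error right at a keyspace boundary.
    while average_seconds(charset, length, rate) < target_seconds:
        length += 1
    while length > 1 and average_seconds(charset, length - 1, rate) >= target_seconds:
        length -= 1
    return length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for label, charset, length in [
        ("4-digit", DIGITS, 4), ("6-digit", DIGITS, 6),
        ("8-digit", DIGITS, 8), ("10-digit", DIGITS, 10),
        ("7-char letters+digits+symbols", PRINTABLE, 7),
    ]:
        print(f"{label:32s}{humanize(average_seconds(charset, length))}")
    century = 100 * 365.25 * 86400
    print("digits needed for a 100-year average:", min_length(DIGITS, century))
    print("mixed characters needed for the same:", min_length(PRINTABLE, century))
```
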
     
  2. thenewyorkgod macrumors newbie

    Joined:
    Nov 18, 2011
    #2
    Concerning that they can bypass Apple's "10 strikes and you're out" feature.
     
  3. AbSoluTc macrumors 68040

    AbSoluTc

    Joined:
    Sep 21, 2008
    #3
    No user should be using a numeric only passcode. It should be custom Alphanumeric. Period. Doesn't matter if you're doing something wrong or if you have nothing to hide.

    Don't be ****ing lazy. Think of the children.
     
  4. pradeepbabloo macrumors member

    pradeepbabloo

    Joined:
    Mar 1, 2016
    #4
    Alphanumeric is the way!
    The current GrayKey will probably be obsolete in months' time from now (or even with 11.4!)
     
  5. William Gates macrumors 6502

    William Gates

    Joined:
    Oct 26, 2007
    #5
    You mean not everyone is using a memorized 64 character random string? lol. They deserve getting hacked then.


    /sarcasm
     
  6. Relentless Power macrumors Core

    Relentless Power

    Joined:
    Jul 12, 2016
    #6
    I use ten. They can have my data if it takes approximately 13 years to extract my information, which I’m not too concerned with.
     
  7. ike1707 macrumors 6502

    Joined:
    Jan 20, 2009
  8. Christian 5G macrumors 6502a

    Christian 5G

    Joined:
    Jun 16, 2010
    Location:
    Orange County, CA
  9. newellj macrumors 603

    Joined:
    Oct 15, 2014
    Location:
    Boston, MA, US
    #9
    HS. I am a math dunce but I am shocked by how steep the curve is for additional characters.

    Also, I've been running an 8-digit numerical code. I guess I will go to alphanumeric and bump it up to ten.
     
  10. ricktat macrumors 65816

    Joined:
    Feb 18, 2013
    #10
    0 1 2 3 4 5 6 7 8 9

    It will take them 13 years!

    People mess up by not using the 0 first... much more secure
     
  11. newellj macrumors 603

    Joined:
    Oct 15, 2014
    Location:
    Boston, MA, US
    #11
    Ha ha, yup. As I just posted, the rate at which the time to crack the passcode goes up is amazing. I am going to change my devices - right now.
     
  12. guzhogi macrumors 68030

    guzhogi

    Joined:
    Aug 31, 2003
    Location:
    Wherever my feet take me…
    #12
    I wonder how long it would take for it to guess this password:

     
  13. robertcoogan macrumors 6502

    robertcoogan

    Joined:
    Apr 5, 2008
    Location:
    Joshua Tree, California
  14. newellj macrumors 603

    Joined:
    Oct 15, 2014
    Location:
    Boston, MA, US
    #14
    I'm not sure why I didn't think of this before. Both of my Macs are protected by a 16-character passcode that has upper and lower case alpha, numerics, and special characters. My iOS devices deserve more than just an eight digit numeric code.
     
  15. avanpelt macrumors 68030

    Joined:
    Jun 2, 2010
    #15
    If only I could access 1Password from the lock screen. I’d have a 30+ digit, mixed case, alphanumeric passcode.
     
  16. OldSchoolMacGuy macrumors 68040

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #16
    These devices have existed nearly as long as the iPhone has and you guys are just now becoming aware of them. You should see what's been done on other platforms. FileVault can be broken fairly quickly too and is. If you only knew the extent of the capabilities within the forensic community.
     
  17. mariusignorello macrumors 65816

    Joined:
    Jun 9, 2013
    #17
    Apple needs to make the data wipe threshold apply to this hack method too.
     
  18. guzhogi macrumors 68030

    guzhogi

    Joined:
    Aug 31, 2003
    Location:
    Wherever my feet take me…
    #18
    Way better than this one:

     
  19. lenard macrumors 6502

    Joined:
    Oct 10, 2007
    Location:
    Raleigh NC
    #19
    I use 13 characters. So with the length of time it takes to crack a long pass code, it's almost useless to invest in that cracking tool if they have to wait to the next century for the results...
     
  20. justperry macrumors G3

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #20
    Exactly this, why use a difficult alphanumeric passcode while it takes 6 ½ years avg. to get into your phone, most likely the phone won't work anymore by the time the password is/would be guessed.
     
  21. blackcrayon macrumors 68000

    Joined:
    Mar 10, 2003
    #21
    The main difference is the difficulty of entering the code, and 1 handed, etc.
     
  22. justperry macrumors G3

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #22
    Huh.... and then????
     
  23. MacsRuleOthersDrool macrumors 6502a

    Joined:
    Sep 8, 2016
    #23
    Hopefully Apple has already purchased a few to dissect (through a suitable shell corporation, of course!)...
     
  24. BaltimoreMediaBlog macrumors 6502a

    BaltimoreMediaBlog

    Joined:
    Jul 30, 2015
    Location:
    DC / Baltimore / Northeast
    #24
    I figure if my iPhone is stolen, that means I'm dead, so what do I care? :D
     
  25. blackcrayon macrumors 68000

    Joined:
    Mar 10, 2003
    #25
    When Apple introduced Touch ID a lot of people said they were just fine with a passcode... Now there will be an even bigger convenience reason to use that or FaceID vs a potentially complex password.
     
