Why is Tim Cook still CEO?

Because his phones are still harder to crack than every other manufacturer?

If there's anything I've learned from this thread... it's that any digital device can be opened if you have enough time or money.

But it can range from hours to centuries depending on password length. I'm still glad articles like this exist.

It's funny how I've never seen an article describing the method to crack some cheap TracFone.
 
No it's not theoretical. Matt is calculating that based on the fact that it takes 80ms per attempt. Because of how the iPhone is designed, the cracking HAS to be done on device (without a really destructive process which is out of scope here).
That's what theoretical means. That you haven't practically done it. No matter how exact and calculated it is, it's still theoretical. Check the definition.
 
Why is it necessary to use numbers in a passcode? Wouldn't a simple nonsensical sentence significant only to you work just as well?
Like "my hamster's buckteeth are blue" or something like that.

What are you feeding your hamster!
Why is Tim Cook still CEO?

Read the front page article on Apple profits. 'Nough said.
 
Either there are too many paranoids here or this forum attracts all the criminals worldwide.....




JK
 
Pro-tip, if you have a TouchID or FaceID iPhone:
1. Use custom alphanumeric setting;
2. Use your AppleID as the p/w;
3. Make sure your AppleID p/w is a) unique, b) unlike any of your other p/w’s but memorable, and c) 12 characters or more with a/A/1/$ included.

Do this and you won’t have to type it in all that often but just enough (after s/w u/d’s or a couple of days disuse) to keep one’s AppleID fresh in the user’s mind.
 
I think for better security, the phone should NOT tell you how many digits or alphanumeric there are. You should be able to type in the password and then press enter.
 
Sure, but this article isn't about web SSH or app passwords, both of which protect online banking. It's about the phone's passcode, which prevents access to unprotected files and unprotected apps like Mail or iMessages.
Seriously? You really think that protecting the phone's passcode offers no additional protection for my bank account? What bank(s) do I use? If you could get into my phone, you'd get at least some of that information. You'd also have an opportunity to try to get into any accounts I access from that phone.
 
Actually, that would only take about 4 months at their current rate if their algorithm guesses numbers in order. It would only take 13 years if their algorithm guesses numbers randomly. If their algorithm is smart, though, it probably guesses the easiest passwords to remember first, and that one would get guessed almost immediately.

You would be far safer using a 6 character password with a combination of lower case, upper case, number, and special character than you would be using a 10 digit password with only numbers.

10 digit password with numbers only = 10 possible digits = 10^10 = 10,000,000,000 possible combinations to test

6 char password with lower case, upper case, numbers, and special characters = 97 (26 + 26 + 10 + 35) possible characters = 97^6 = 832,972,004,929 possible combinations to test

No doubt someone would spend 4 months trying to hack some random MacRumors user's phone.
 
I think for better security, the phone should NOT tell you how many digits or alphanumeric there are. You should be able to type in the password and then press enter.

So long as you use a 7 digit or greater passcode, it works exactly like this.
 
That's what theoretical means. That you haven't practically done it. No matter how exact and calculated it is, it's still theoretical. Check the definition.

Exactly... no one knows until it's proven in real life... It's only theory...

This is why I believe any cracking math stuff is false, because it's just "math" NOW....... maybe we made a mistake and we will find a loophole tomorrow ??

The proof that the "loophole" is not proven doesn't mean anything, because how can you prove something if you haven't found it yet?

Just because we believe we need quantum computers to do this only goes by the side lines of "Have we really tested everything?" Makes ya think..


(It makes me think)
 
Speculation was the second Lightning port was to hook up a jailbroken phone and use it as the cracking device. The GrayKey would copy the minimum needed OS information from the seized device to the jailbroken device and run the decrypting program. If the 10 wrong password setting is turned on it just recopies the same files to the jailbroken device over and over until it finally stumbles on the right passcode.

No source, just random internet gossip that would make sense.
This is completely inaccurate and wouldn't even work for a number of reasons.
No. That's not how it works. Your face/fingerprint is actually used as a decryption key to decrypt your passcode that is stored encrypted in the Secure Enclave on the iPhone. When you use FaceID, you are decrypting your normal passcode which then gets entered like normal. It doesn't replace your passcode.
---------
Not exactly. The passcode is never stored encrypted or otherwise. Except in your brain.

A phone with TouchID or FaceID on never fully "locks"; a state where the high level keys are tossed. When *locking*, the phone encrypts these high level keys within the Secure Enclave. A successful fingerprint or face match will decrypt the high level keys, making the user data partition available again.
This is not correct. Your passcode absolutely is stored encrypted. It stores it when you enter it on your phone the first time on boot and erases it after a certain number of failed attempts of Touch/FaceID or after a certain amount of time passes without a login. Read the iOS Security Guide. If you have a phone with TouchID, you can literally watch it in action. If you swipe to the screen where you enter your passcode, and then lay your thumb down, you can literally watch it fill in the passcode.

What you are describing is the process that happens after the passcode is entered.
They aren't trying passcodes by giving them to the phone, so the Secure Enclave coprocessor doesn't even come into play or know about any passcode attempts. They are pulling a piece of encrypted data off the phone, and then attempting to decrypt it with passcodes until the decrypted data makes some sort of sense. This is why the iPhone only needs to be plugged in to start the cracking, and can be unplugged after that while the machine works. What Apple needs to do is figure out what encrypted data they are able to pull from the phone while it's locked, and prevent that data from being pulled.
This is not true. Why do people keep making things up? The passcodes HAVE to be entered on the phone because the passcode is entangled with the UID that is built into the SEP and is not extractable. GrayKey works by installing software ON the phone and having it crack itself. Malwarebytes even has photos of it in action. It HAS to be done this way. Stop spreading misinformation.
I think for better security, the phone should NOT tell you how many digits or alphanumeric there are. You should be able to type in the password and then press enter.
This is how it works when you use an alphanumeric passcode...
That's what theoretical means. That you haven't practically done it. No matter how exact and calculated it is, it's still theoretical. Check the definition.
It HAS been practically done... The GrayKey device is doing it. I'm telling you that the limitation in cracking speed is locked in hardware. 80ms is the low end limit and that 80ms limit is hit all the time.
 
It HAS been practically done... The GrayKey device is doing it. I'm telling you that the limitation in cracking speed is locked in hardware. 80ms is the low end limit and that 80ms limit is hit all the time.
The cracking has been done, a twenty years one hasn't, so it's theoretical. I have driven a car 10mph, I know for sure I could do it for 10 hours and I know for sure I'd travel 100 miles. But until I do it, it's just theoretical. What's the problem you people have with this word, as if it was an insult?
 
The cracking has been done, a twenty years one hasn't, so it's theoretical. I have driven a car 10mph, I know for sure I could do it for 10 hours and I know for sure I'd travel 100 miles. But until I do it, it's just theoretical. What's the problem you people have with this word, as if it was an insult?
I disagree with that definition though.

Theoretical - based on or calculated through theory rather than experience or practice
antonyms: actual, real

This calculation isn't calculated through theory. It's calculated based on the practical and demonstrated limitations of the hardware. That time is not a theoretical time calculation.
 
Seriously? You really think that protecting the phone's passcode offers no additional protection for my bank account? What bank(s) do I use? If you could get into my phone, you'd get at least some of that information. You'd also have an opportunity to try to get into any accounts I access from that phone.

Sure, it provides another layer of security, but it’s overkill. If your phone is lost or stolen, you can brick it remotely and also freeze your accounts until you can change their passwords. Not to mention, banks and investment firms insure any losses that are a result of theft.
 
I disagree with that definition though.
Theoretical - based on or calculated through theory rather than experience or practice
antonyms: actual, real

This calculation isn't calculated through theory. It's calculated based on the practical and demonstrated limitations of the hardware. That time is not a theoretical time calculation.

We may discuss it for ages but you're just wrong and distorting words. The cracking itself is real. I agree. The calculation is theoretical, it's applied to something real, as you said, but, as a calculation, it's based on math which is, by definition, theoretical. Apples are real but if you sum a billion apples to a billion apples, you're doing a theoretical calculation, even though the result is exact and proven. They haven't actually cracked a phone for twenty years, they know how long it would take because of a calculation that didn't involve actually cracking a phone for twenty years. I don't know how to explain it better and I frankly don't care anymore.
 
This is completely inaccurate and wouldn't even work for a number of reasons.

Yep.... A jail-broken iPhone does not need to be cracked, because that is why you jail-break in the first place. Because you want to do what you want.
 
Yep.... A jail-broken iPhone does not need to be cracked, because that is why you jail-break in the first place. Because you want to do what you want.
Well that's not true either.... Jailbreaking a phone doesn't remove its encryption. Also, simply jailbreaking a phone wouldn't allow the cracking done here. You have to also exploit the Secure Enclave since that is what enforces the passcode restrictions.

But again, even with doing those things, you still have to brute force the passcode in order to decrypt the phone. It has to be done on device though because the passcode is entangled with the UID that is embedded in the SEP to generate the decryption key.
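
Added illustration, not part of the thread or any poster's code: a toy model of why a key derived from passcode plus a device-bound UID can only be guessed where the UID is available, together with the worst-case search times at the 80ms per attempt quoted above. PBKDF2-HMAC-SHA256 is a stand-in for the real construction, and the UID values, the passcode "4071" and all function names are constructed for the example.

```python
import hashlib
import hmac

SECONDS_PER_GUESS = 0.080  # per-attempt cost quoted in the thread


def derive_key(passcode: str, device_uid: bytes, iterations: int = 100) -> bytes:
    # Stand-in for entanglement: the UID is mixed into every derivation,
    # so the same passcode yields a different key on a different device.
    # The iteration count is kept tiny so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, iterations)


def search(target_key: bytes, uid: bytes, digits: int):
    """Try every numeric passcode in order; return (passcode or None, guesses made)."""
    total = 10 ** digits
    for n in range(total):
        guess = f"{n:0{digits}d}"
        if hmac.compare_digest(derive_key(guess, uid), target_key):
            return guess, n + 1
    return None, total


def worst_case_years(alphabet: int, length: int) -> float:
    """Time to exhaust the whole keyspace at SECONDS_PER_GUESS per attempt."""
    return alphabet ** length * SECONDS_PER_GUESS / (365 * 24 * 3600)


# Constructed sample values, not real device data.
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")
WRONG_UID = bytes(16)  # what a guesser without the device's UID would be using
TARGET = derive_key("4071", DEVICE_UID)

if __name__ == "__main__":
    print("with device UID:   ", search(TARGET, DEVICE_UID, 4))
    print("without device UID:", search(TARGET, WRONG_UID, 4))
    print(f"10 digits, numeric:   {worst_case_years(10, 10):.1f} years worst case")
    print(f"6 chars, 97 symbols:  {worst_case_years(97, 6):.1f} years worst case")
```
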
 
Once Touch ID and Apple Pay came to the iPhone,
I changed to a 12 character password of random numbers and upper and lower case letters.
That should take 100 years or so....
 
I've seen 25 character mixed case with numbers of special characters cracked in under 20 hours. But keep telling yourself that kind of stuff is impossible if it makes you feel better.

Suuuure you have. That's why the FBI is lining up to buy gray boxes, because it only takes 20 hours to crack into an iPhone. But keep telling yourself that kind of stuff if it makes you feel better.
 
Sure, it provides another layer of security, but it’s overkill. If your phone is lost or stolen, you can brick it remotely and also freeze your accounts until you can change their passwords. Not to mention, banks and investment firms insure any losses that are a result of theft.
So you get to decide how much security we need on our phones? :confused:
 