It's simpler to remember the Ten Commandments than to remember a ten-digit passcode. If you need to be a law breaker or anarchist, avoid using computers and cellphones to conduct business.
 
If you are using passcodes in 2018, you deserve to have your phone hacked. Let's get real. Nobody that is trying to hide information on their phone is going to be using a passcode.
 
If you are using passcodes in 2018, you deserve to have your phone hacked. Let's get real. Nobody that is trying to hide information on their phone is going to be using a passcode.

please explain, don't use any passcodes at all? lol
 
So the professor is just calculating/extrapolating the numbers and didn’t actually use the device? Read the whole article but it’s missing how he came up with the numbers.
 
I thought every time you put in a bad passcode you had to wait longer and longer before you could enter the next guess.
 
There are some people in this thread who think this is funny. I've had a coworker who had her identity stolen. It is a life changing event. She is not important. She doesn't have state secrets. She doesn't work for a vast organized crime ring.

So no, you don't need to be important to take security seriously. Hackers make money or simply have fun taking over accounts. Having your electronic identity stolen and accounts taken over is extremely time consuming to undo, very inconvenient, and expensive. And you never know if it is completely over.

Anyone getting access to your phone or your computer, as if they were you, then has access to your web history and email. With access to web history and email they can see all of the places you go to that have accounts. With access to your email they can take over any number of accounts that use email for password resets, even banking accounts. Some accounts won't even need the email password reset, if you have autofill enabled.

Think you're secure because you enabled 2-factor authentication? Nope, they've got the second factor...your phone, which is going to receive any SMS, call, or email needed for 2-factor authentication, and it will have the authenticator apps on it for time-based codes.

So even though nobody has any particular interest in targeting most of us, and odds are very low, the stakes on the other hand are extraordinarily high. It's certainly enough that I'm willing to have a code that's just a little bit longer, and with TouchID or FaceID you don't even have to enter it all that often. Also do the same practices on your tablets and home computers.

This is also why I hate the "if you've done nothing wrong, you have nothing to hide" argument. Wrongdoing has nothing to do with it. Everyone has something to hide--access to your critical accounts.


Yes, but you're not going to have your identity stolen because someone got access to a Graykey and bypassed Apple security. You have a better chance of having much more horrible things happen to you like getting murdered, hit by a car, getting cancer...etc.

When it comes to things like this you need to weigh probability and make decisions based on that.
 
Fair point, and I definitely agree with the sentiment! But I do think that if they (the authorities) were to get legal permission, a warrant, to get into your stuff it wouldn't make much of a difference whether you have a 4-digit passcode or some character-riddled 12-character monster of a password -- if they have to get past something, it's a "locked door" legally, right?
True...I think. Law enforcement really, really pushes the boundaries and the law is still evolving. There is too much conflicting information out there for a non-legal expert like me to be sure of the law in the location I happen to be in (I travel, both in the U.S. and abroad):

Washington State
Incident to Arrest/Emergency
Less Rights in Vehicles?
Phone Seized as Evidence

So I try and stay calm and encrypt (strongly).
 
I always thought easier-to-remember words/phrases were better.

I.e. Horseeatsbatterycharger > h$^eh37w@e
 
I thought about it for a second, and I'm not really worried about the FBI, but if the FBI can do it, I bet scammers can too.
 
Don’t do anything where your phone could be taken by law enforcement, simple.
What makes you think they're the only ones who might want to get into your phone, legally or otherwise?
It's simpler to remember the Ten Commandments than to remember a ten-digit passcode. If you need to be a law breaker or anarchist, avoid using computers and cellphones to conduct business.
What if you just want to do your banking on your phone? Can you have strong encryption then?
 
Apple: fix this. If I activate a feature that is supposed to wipe out the phone after 10 incorrect password guesses, I expect it to work.

Someone will figure it out again.
That's the only thing all those 'maximum X tries' solutions from different companies (or open source developers) on different operating systems have in common, no matter how they are implemented, someone found a way to circumvent them.

If you are concerned about security, switch to alphanumeric passwords only.
The amount of possible combinations does increase significantly, 4 alphanumeric signs are already more secure than 15 digits.
 
Just changed to an alphanumeric passcode. Not that I don't trust law enforcement with search warrants, but I know it's only a matter of time until one of these devices falls into the wrong hands.

But a bad guy would need one of these devices.... AND they need to have your phone.

That's why I'm not personally worried about bad hackers getting these devices.

If my phone is out of my control... I've got bigger things to worry about. :)

Or if I simply lost my phone on an airplane or subway... I would remotely brick it via Activation Lock... thus rendering it useless to thieves.

I'm just a normal dude. I'm not carrying state secrets on my phone. But if I was a high-value target... I would definitely have an insane alphanumeric password.

I have no doubt that someday these GreyBoxes will end up in the wrong hands.

But the chances of my phone also being in those same hands are slim to none. :p
 
Don’t do anything where your phone could be taken by law enforcement, simple.

Great solution, because something like false accusations doesn't exist, right?
Being innocent doesn't mean being willing to share all your personal data + login to all your accounts.

And how about 3rd parties? Or other governments when abroad?
Did you know that insulting people is illegal in Germany and can give you up to 2 years in prison in rare cases? But generally it's a safe assumption to lose at least 2 weeks to 6 months of pay as punishment. Great, isn't it?
So no, I'm definitely not willing to share my data with the government.
 
As an expert in IT I know I should be using an alphanumeric passcode, and these posts have been reminding me just how important something as simple as that can be.

Plus I'm always preaching security to my friends and family so I should definitely be walking the talk!
 
If iOS wasn't constantly asking for a password every 10 seconds, more people could set to something more complex. Having touchid/faceid is useless because of how constantly the OS requires you to put a password in for something.
 
I’m surprised people don’t use alphanumeric codes; been using it since my first iPhone was stolen back in the day.
 
They shouldn't be able to crack the throttling. This is the crux of brute force protection.
My understanding of how it works is that it copies the contents of the phone into virtual machines that can then rapidly try different codes. Throttling never comes into play because they are effectively using thousands of different virtual phones and then discarding them. That means the real limitation is how fast the computer can enter the PIN then move on to the next VM.

Or I could be totally wrong.
 
True...I think. Law enforcement really, really pushes the boundaries and the law is still evolving. There is too much conflicting information out there for a non-legal expert like me to be sure of the law in the location I happen to be in (I travel, both in the U.S. and abroad)

This.

For example, brought up in a different thread, Customs and their zeal to inspect devices and willingness to skirt the Fourth Amendment is a good example (anyone who has driven in these 100mi zones along the border has probably run into the permanent checkpoints and their prying).

https://www.aclu.org/other/constitution-100-mile-border-zone
 
I've seen 25 character mixed case with numbers of special characters cracked in under 20 hours. But keep telling yourself that kind of stuff is impossible if it makes you feel better.

I have seen 3 aliens landing on my backyard in the middle of the night.. two of them were singing Macarena, and the third one was so drunk, he was just floating 20 feet in the air. But keep telling yourself that kind of stuff is impossible if it makes you feel better.
 
Given that most programmers will implement a linear search, numbers and letters at the end of the scale will give you more protection.
 
It's simpler to remember the Ten Commandments than to remember a ten-digit passcode. If you need to be a law breaker or anarchist, avoid using computers and cellphones to conduct business.

For some maybe. I worked in a business where whenever we called someone we'd need to say both the name of the place and a unique department/ID number. The number becomes engrained in your brain. Move locations or departments a few times and you have a few strings of numbers to put together. I remember every single one of them - if my password wasn't already complicated and alphanumeric, I could create a memorable passcode far exceeding the ones mentioned here.
 