iPhone passcode cracking is easier than you think

A Swedish security firms shows that it can break into a passcode-protected mobile phone in a matter of minutes.

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
Dara Kerr
2 min read
Screenshot by Matt Elliott/CNET

A report came out last fall suggesting that repeating one number in the iPhone's four-digit security PIN made for better protection than using all unique numbers. However, that little trick doesn't seem to go very far with Micro Systemation, a Swedish security firm that helps police and military around the world crack digital security systems.

The company released a video last week that shows just how easy it is to break into a passcode-protected iPhone or Android device.

The video, "Recovering the Passcode from an iPhone," tapes a demonstration where a company spokesman uses an application called XRY and accesses the contents of the mobile phone in less than two minutes. User information, such as GPS location, call history, contacts, and messages, can all be read.

The way the XRY software works is a lot like jailbreaking into the phone, according to Forbes, which talked to the company about the application. Rather than looking for vulnerabilities made by the manufacturer, the software searches for security flaws by guessing every combination of numbers to find the correct code.

"Every week a new phone comes out with a different operating system and we have to reverse engineer them," Micro Systemation marketing director Mike Dickinson told Forbes. "We're constantly chasing the market."

According to mobile security provider Lookout, both iOS and Android could beef up their security. Both are potentially threatened by rogue apps and both are susceptible to Web-based malware, just like any Internet-connected device.

Dickinson said that the longer users' passcodes are the better and the more difficult the devices become to crack -- even using XRY. "The more complex the password, the longer and harder it's going to be to access the phone," he said.