
GrayKey cracking device posts average time of 11 hours to break 6-digit iPhone unlock code

Say what you will about iPhone cracking, the GrayKey seems to work.

The GrayKey, which is being purchased by assorted law enforcement agencies and works with all modern iPhones and the newest versions of iOS 11, has been reported as being able to crack 4-digit passcodes in a matter of hours and 6-digit passcodes in days. According to recent reports, cracking times for the GrayKey and similar iPhone unlocking methods can potentially be even faster, and 6-digit passcodes no longer offer adequate protection.

Matthew Green, assistant professor and cryptographer at the Johns Hopkins Information Security Institute, said this morning on Twitter that with an exploit that disables Apple’s passcode-guessing protections, a 4-digit passcode is crackable in 6.5 minutes on average, while a 6-digit passcode can be cracked in 11 hours.


Apple does have built-in options to erase an iPhone after 10 incorrect passcode attempts, and there are automatic delays after a wrong passcode has been entered more than five times, but GrayKey appears to bypass these protections.

It’s unknown whether the GrayKey can match or beat the fastest unlocking times (cracking a 4-digit passcode in 6.5 minutes and a 6-digit passcode in 11 hours).

With the release of iOS 9 in 2015, Apple switched the default from a 4-digit passcode to a 6-digit passcode, making iOS devices more secure. But for those concerned about their iPhones being accessed either by law enforcement with the GrayKey or by a hacker with a similar cracking tool, a 6-digit passcode is no longer good enough.

“People should use an alphanumeric passcode that isn’t susceptible to a dictionary attack and that is at least 7 characters long and has a mix of at least uppercase letters, lowercase letters, and numbers,” Ryan Duff, a researcher who’s studied iOS and the Director of Cyber Solutions for Point3 Security, stated. “Adding symbols is recommended and the more complicated and longer the passcode, the better.”

Users can change to an alphanumeric passcode by going to the iOS Settings app, tapping “Face ID & Passcodes,” tapping “Change Passcode,” and then tapping the blue “Passcode Options” text towards the middle of the display. From there, choose “Custom Alphanumeric Code” to enter a passcode that consists of letters, numbers, and symbols.

With an alphanumeric passcode in place, you’ll no longer be presented with a numeric keyboard when unlocking your iPhone, and instead, you’ll see a full keyboard available to type in your passcode.

This might be more tedious to type in, but it’ll take that much longer to crack should the iPhone ever fall into the wrong hands.
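To put numbers on that trade-off, the sketch below (an added example, not from the original article or its sources) derives the per-guess time implied by the 6.5-minute and 11-hour averages quoted above and applies it to other passcode policies. It assumes uniformly random passcodes, a constant guess rate, and an average search of half the keyspace; the function names are illustrative.

```python
# Average times reported in the article, with guess limits bypassed.
AVG_4_DIGIT_S = 6.5 * 60      # 4-digit passcode: 6.5 minutes
AVG_6_DIGIT_S = 11 * 3600     # 6-digit passcode: 11 hours
YEAR_S = 365 * 86400


def implied_seconds_per_guess(avg_seconds, keyspace):
    """An average-case exhaustive search tries half the keyspace."""
    return avg_seconds / (keyspace / 2)


# Assumption: use the rate implied by the 4-digit figure (about 78 ms).
SEC_PER_GUESS = implied_seconds_per_guess(AVG_4_DIGIT_S, 10 ** 4)


def average_crack_seconds(alphabet_size, length, sec_per_guess=SEC_PER_GUESS):
    """Average search time for a uniformly random passcode."""
    return (alphabet_size ** length / 2) * sec_per_guess


def min_length(alphabet_size, target_seconds, sec_per_guess=SEC_PER_GUESS):
    """Shortest length whose average search time reaches the target."""
    length = 1
    while average_crack_seconds(alphabet_size, length, sec_per_guess) < target_seconds:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR_S), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    policies = [("4 digits", 10, 4), ("6 digits", 10, 6),
                ("7 chars, a-z A-Z 0-9", 62, 7)]
    for name, alphabet, length in policies:
        print(f"{name:22} {humanize(average_crack_seconds(alphabet, length))}")
    print("digits needed for a 1-year average:", min_length(10, YEAR_S))
    print("alphanumerics needed for a 1-year average:", min_length(62, YEAR_S))
```

These figures are upper bounds for randomly chosen passcodes; a passcode that appears in a dictionary falls much sooner, which is why the recommendation above excludes them.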

Stay tuned for additional details as they become available.

Via MacRumors, Motherboard and Twitter