GrayKey Box can crack six-digit iOS password in 11 hours on average


If you’re an iPhone user (or use any iOS device, for that matter), it may be time to consider using a stronger passcode.

In the wake of the San Bernardino terrorist attacks, Apple stepped up its iOS security protocols by enabling disk encryption by default, requiring a passcode to decrypt it (which is done every time you unlock your phone). Also, newer versions of iOS require a minimum six-digit unlock code, versus four digits on older systems.

However, a company called GrayKey recently developed a low-cost device that can be connected to any iOS device, promising to unlock it by brute force. Normally, when someone repeatedly fails to unlock an iOS device, it enforces an escalating delay as follows.

  • 1-4 tries: no delay
  • 5 tries: 1 minute delay
  • 6 tries: 5 minute delay
  • 7-8 tries: 15 minute delay
  • 9 tries: 1 hour delay
  • 10 tries: Optional setting to wipe phone’s memory

The GrayKey Box allegedly bypasses this delay protocol, allowing the software to continually guess passwords until the phone is unlocked. So far the device has only been made available for sale to U.S. law enforcement officials.

Matthew Green, Assistant Professor of Computer Science at the Johns Hopkins Information Security Institute, did the math and worked out worst and average case scenarios, showing how effective the GrayKey box could be. A device with a four-digit passcode could be unlocked in mere minutes. Six-digit passcodes take a bit more time, but could easily be cracked in less than one day depending on how random the number sequence is.

Based on these estimates, iOS users should consider using longer and more complex passcodes that are at least 9 characters long. A ten-digit passcode could take anywhere from 12 1/2 to 25 years to crack.

Green acknowledged that using a combination of alphanumeric and special characters would add extra time to the decryption process, but said that simple swapping of letters for numbers (e.g. l33t instead of leet) would barely increase passcode complexity as it could still be easily guessed by the device.

Even if you choose to use numeric characters only, avoid easy sequences like 123456789 or 000000000.
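As an added example (not from the original article or from Green's analysis), the Python sketch below calibrates a per-guess time from the headline figure of 11 hours on average for a six-digit passcode, then extrapolates to other lengths and to leet-substituted dictionary words. The substitution table and the 100,000-word dictionary size are assumptions made for illustration.

```python
from itertools import product

# Calibrated from the article's headline: a six-digit passcode (10**6 candidates)
# falls in 11 hours on average, i.e. after trying half of the keyspace.
SECONDS_PER_GUESS = 11 * 3600 / (10**6 / 2)   # about 0.079 s per attempt
YEAR = 365.25 * 24 * 3600

def crack_time(alphabet_size, length):
    """Return (average, worst) seconds to search alphabet_size**length candidates."""
    worst = alphabet_size ** length * SECONDS_PER_GUESS
    return worst / 2, worst

def min_length(alphabet_size, target_years):
    """Shortest random passcode whose average crack time reaches target_years."""
    length = 1
    while crack_time(alphabet_size, length)[0] < target_years * YEAR:
        length += 1
    return length

# Assumed substitution table (illustrative, not taken from the article).
LEET = {"a": "4", "e": "3", "i": "1", "l": "1", "o": "0", "s": "5", "t": "7"}

def leet_variants(word):
    """Every spelling of word with each substitutable letter swapped or kept."""
    choices = [(c, LEET[c]) if c in LEET else (c,) for c in word.lower()]
    return {"".join(p) for p in product(*choices)}

def dictionary_crack_time(word_count, variants_per_word):
    """Worst-case seconds to try every variant of every dictionary word."""
    return word_count * variants_per_word * SECONDS_PER_GUESS

if __name__ == "__main__":
    for n in (4, 6, 8, 10):
        avg, worst = crack_time(10, n)
        print(f"{n} digits: average {avg / 3600:,.1f} h, worst {worst / 3600:,.1f} h")
    print("random digits needed for a 100-year average:", min_length(10, 100))
    print("random a-z0-9 characters needed for the same:", min_length(36, 100))
    variants = leet_variants("leet")
    print(len(variants), "variants of 'leet', includes l33t:", "l33t" in variants)
    # Constructed assumption: 100,000-word dictionary, 16 leet variants per word.
    hours = dictionary_crack_time(100_000, 16) / 3600
    print(f"dictionary with leet variants: {hours:.1f} h worst case")
```

The ten-digit result reproduces the 12 1/2 to 25 year range quoted above, while a leet-substituted dictionary word falls in hours because the guesser only has to enumerate a handful of variants per word.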

To change your passcode:

  1. Go to Settings > Touch ID & Passcode (Face ID & Passcode on the iPhone X)
  2. Enter your old passcode
  3. Scroll down to Change Passcode
  4. Re-enter your old passcode
  5. To change the length and complexity, click the Passcode Options link above the virtual keypad and choose the type of combination you want.
  6. Enter your new passcode and save.
