GrayKey Box can crack six-digit iOS password in 11 hours on average

Photo: MalwareBytes

If you’re an iPhone user (or use any iOS device, for that matter), it may be time to consider using a stronger passcode.

In the wake of the San Bernardino terrorist attacks, Apple stepped up its iOS security protocols by enabling disk encryption by default, requiring a passcode to decrypt it (which is done every time you unlock your phone). Also, newer versions of iOS require a six-digit minimum unlock code, versus four digits on older systems.

However, a company called GrayKey recently developed a low-cost device that can be connected to any iOS device, promising to unlock it by brute force. Normally, when someone repeatedly fails to unlock an iOS device, it enforces a delay as follows:

  • 1-4 tries: no delay
  • 5 tries: 1 minute delay
  • 6 tries: 5 minute delay
  • 7-8 tries: 15 minute delay
  • 9 tries: 1 hour delay
  • 10 tries: Optional setting to wipe phone’s memory

The GrayKey Box allegedly bypasses this delay protocol, allowing the software to continually guess passwords until the phone is unlocked. So far the device has only been made available for sale to U.S. law enforcement officials.

Matthew Green, Assistant Professor of Computer Science at the Johns Hopkins Information Security Institute, did the math and worked out worst and average case scenarios, showing how effective the GrayKey box could be. For those with four-digit passcodes, the device could be unlocked in mere minutes. Six-digit passcodes take a bit more time, but could easily be cracked in less than one day depending on how random the number sequence is.

Based on these estimates, iOS users should consider using longer and more complex passcodes that are at least 9 characters long. A ten-digit passcode could take anywhere from 12 1/2 to 25 years to crack.

Green acknowledged that using a combination of alphanumeric and special characters would add extra time to the decryption process, but said that simple swapping of letters for numbers (e.g. l33t instead of leet) would barely increase passcode complexity as it could still be easily guessed by the device.

Even if you choose to use numeric characters only, avoid easy sequences like 123456789 or 000000000.
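To see how passcode length drives these estimates, here is a short Python sketch added for illustration (it is not Green's own calculation or anything from the GrayKey vendor). It assumes a constant per-guess time derived from the 11-hour average quoted for six digits; the policy list and the l33t swap table are constructed.

```python
import math

# Calibration taken from the article's headline figure: a six-digit passcode
# falls in 11 hours on average, i.e. after trying half of the 10**6 candidates.
# Assumption: the time per guess is constant for every passcode type.
AVG_SECONDS_SIX_DIGITS = 11 * 3600
SECONDS_PER_GUESS = AVG_SECONDS_SIX_DIGITS / (10**6 / 2)   # about 0.079 s

YEAR = 365.25 * 24 * 3600


def crack_time(alphabet_size, length, per_guess=SECONDS_PER_GUESS):
    """Return (average, worst) seconds to search every passcode of this shape."""
    worst = alphabet_size ** length * per_guess
    return worst / 2, worst


def leet_variants(word, swaps):
    """Count spellings of `word` when each letter may be swapped per `swaps`."""
    return math.prod(1 + len(swaps.get(ch, "")) for ch in word.lower())


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed policy list: (label, alphabet size, length).
    policies = [("4 digits", 10, 4), ("6 digits", 10, 6), ("8 digits", 10, 8),
                ("10 digits", 10, 10), ("6 lowercase+digits", 36, 6)]
    for label, alphabet, length in policies:
        avg, worst = crack_time(alphabet, length)
        print(f"{label:20} average {human(avg):>14}   worst {human(worst):>14}")

    # Constructed swap table (assumed typical l33t swaps): l->1, e->3, t->7.
    swaps = {"l": "1", "e": "3", "t": "7"}
    n = leet_variants("leet", swaps)
    print(f"'leet' has {n} l33t spellings = {math.log2(n):.1f} bits; "
          f"one extra random digit adds {math.log2(10):.1f} bits")
```

Under this assumption the ten-digit row reproduces the 12 1/2 to 25 year range above, and l33t-swapping every letter of a four-letter word adds only about as much work as one extra random digit.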

To change your passcode:

  1. Go to Settings > Touch ID & Passcode (Face ID & Passcode on the iPhone X)
  2. Enter your old passcode
  3. Scroll down to Change Passcode
  4. Re-enter your old passcode
  5. To change the length and complexity, click the Passcode Options link above the virtual keypad and choose the type of combination you want.
  6. Enter your new passcode and save.
