Here is why you need to stop using six-digit passcodes to protect your iPhone

DO YOU use a six-digit passcode on your iPhone? If so, you need to change it immediately because your device has little to no protection. 

The advice comes after an anonymous source provided security firm Malwarebytes with evidence of a cheap technology which promises to crack any iPhone.

Developed by long-time US intelligence agency contractors and an ex-Apple security engineer, the product known as GrayKey claims it can crack any iPhone running iOS 10 or 11 using Brute force — a trial and error method used by application programs to decode encrypted data such as passwords.

“GrayKey is a grey box, four inches wide by four inches deep by two inches tall, with two lightning cables sticking out of the front,” Malwarebytes explained.

“Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked.

“Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source.

“It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift.”

After the device is unlocked, the full contents are downloaded to the GrayKey device where they can be accessed through a web-based interface on a connected computer.

Based on the claims made by Grayshift and Apple’s delays between password attempts, assistant professor and cryptographer at the Johns Hopkins Information Security Institute Matthew Green did the maths to find out just how vulnerable passcodes are.

Read More (...)