GrayKey May be Able to Bypass 6-Digit Passcodes in 11 Hours on Average
iOS security is typically a hot topic, and it certainly has been lately, especially as cracking options start to find their way out into the real world.
Recently, for instance, it was reported that police departments in the United States are starting to buy Grayshift’s cracking option, what they call GrayKey, which is giving them unprecedented access to previously secured iOS devices. Now, in a new report from Motherboard, we can get a look at potential speeds at which GrayKey (and some other cracking options) can bypass a passcode.
Up to this point, there has been a debate on how fast something like GrayKey can bypass an iOS device that’s secured by a passcode. Of course, it depends on how many digits there are. A 4-digit passcode is the easiest to bypass, with expectations that it could last just a few hours. But, based on this report, it looks like it’s much, much faster.
As noted by Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, it might take GrayKey only six and a half minutes to bypass a 4-digit passcode. A six-digit passcode? About 11 hours on average, or just over 22 hours in a worst-case scenario:
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):— Matthew Green (@matthew_d_green) April 16, 2018
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
The consensus, as is par for the course, is that utilizing a longer passcode is the best possible method. The best scenario, though, is a longer alphanumeric passcode:
“People should use an alphanumeric passcode that isn’t susceptible to a dictionary attack and that is at least 7 characters long and has a mix of at least uppercase letters, lowercase letters, and numbers,” Ryan Duff, a researcher who’s studied iOS and the Director of Cyber Solutions for Point3 Security, told me in an online chat. “Adding symbols is recommended and the more complicated and longer the passcode, the better.”
Related tutorial: How to Make a More Complex and Stronger Password for Your iPhone?
- ICCID Activation Bug can Factory Unlock Any iPhone with a Turbo SIM Unlock iCloud and Recover Deleted Data - "UFED" From Israel Hackers iOS 11Patches Bug is Used on Crack Open iPhone 7/ 7Plus Passcode iOS 11.4 to Disable USB Port After 7 Days, Lightning Becomes Charge-only Phone-Cracking Firm Cellebrite Claims It Can Unlock Latest iPhones Cops Open Locked iPhones with GrayKey All the Time Test of Twins Using Face ID to Unlock iPhone X 'GrayKey' iPhone Unlocking Box Used by Law Enforcement Shown Off in Photos