Micro Systemation iOS passcode defeat claims debunked

Summary: Claims by Swedish developer Micro Systemation that it can defeat an iOS passcode in under "two minutes" appear to be grossly overstated, and the company has removed a video demo of the tool in action.

On March 28 I reported that Swedish developer Micro Systemation claimed that its XRY 6.2 software and hardware can detect and display an iPhone passcode in under "two minutes." Those claims appear to have been inflated, according to a post today on 9to5Mac.

In the piece, prolific jailbreaker Will Strafach (a.k.a. @chronic) asserts that Micro Systemation's claim of defeating the iPhone passcode lock in "two minutes" is only true if the passcode is "0000." Strafach adds that the XRY tool cannot be used on devices using the A5 or A5X chip, including the iPhone 4S, iPad 2, and iPad 3.

Strafach explains that XRY is "simply loading a custom ramdisk by utilizing the publicly available ‘limera1n’ exploit by George Hotz. The ramdisk is not even very special, because anyone could put together their own using open source tools." He further debunks the company's claims by stating that it only works on older iOS hardware:

Due to the not-so-technically-informed reporters writing about the XRY software, this fact has been overlooked. Personally, I think it’s a pretty important fact. The simplest way to “thwart” the use of this software on your phone would be to get the latest model, because (as people who are familiar with jailbreaking know) the limera1n exploit is fixed in the bootrom of the A5 (iPad 2 and iPhone 4S) as well as the A5X (iPad 3) chip.

The XRY demonstration video has since been removed from the Micro Systemation website and the company has not replied to a request for comment.

Update: If you're concerned about the security of the data on your iOS device, I highly recommend moving to an eight-digit passcode (or stronger). A wonderful article ("The ABCs of XRY: Not so simple passcodes") by Jeffrey Goldberg at AgileBits Inc. (publishers of 1Password) explains that simple (4-digit) passcodes can be cracked in 20 minutes (on average) while 8-digit passcodes take 4.5 months to be cracked. Good reading.
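
The arithmetic behind those two figures, as an added example that is not from the article or from AgileBits: it derives the per-guess cost implied by the 20-minute average and applies it to other passcode policies. The constant cost per guess, the half-keyspace average and the 30.44-day month are assumptions.

```python
import math

# From the article: a 4-digit passcode is cracked in 20 minutes on average.
AVG_SECONDS_4_DIGIT = 20 * 60
# Assumption: an exhaustive search tries half the keyspace on average,
# and every guess costs the same time regardless of passcode length.
SECONDS_PER_GUESS = AVG_SECONDS_4_DIGIT / (10 ** 4 / 2)
SECONDS_PER_MONTH = 30.44 * 86400  # assumption: mean calendar month
SECONDS_PER_YEAR = 365.25 * 86400


def average_seconds(length, alphabet_size=10):
    """Expected search time for a random passcode of this length."""
    return (alphabet_size ** length / 2) * SECONDS_PER_GUESS


def worst_case_seconds(length, alphabet_size=10):
    """Time to try every passcode of this length."""
    return alphabet_size ** length * SECONDS_PER_GUESS


def min_length_for(target_seconds, alphabet_size=10):
    """Shortest length whose average search time reaches the target."""
    guesses = 2 * target_seconds / SECONDS_PER_GUESS
    length = max(1, math.ceil(math.log(guesses) / math.log(alphabet_size)))
    # Correct any floating-point rounding in the logarithm.
    while average_seconds(length, alphabet_size) < target_seconds:
        length += 1
    while length > 1 and average_seconds(length - 1, alphabet_size) >= target_seconds:
        length -= 1
    return length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("months", SECONDS_PER_MONTH),
             ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    print(f"implied cost per guess: {SECONDS_PER_GUESS:.2f} s")
    # Constructed policy list: (length, alphabet size, label).
    for length, size, label in [(4, 10, "digits"), (6, 10, "digits"),
                                (8, 10, "digits"), (6, 36, "a-z0-9")]:
        print(f"{length} {label}: avg {humanize(average_seconds(length, size))}, "
              f"max {humanize(worst_case_seconds(length, size))}")
    print("digits needed for a 10-year average:", min_length_for(10 * SECONDS_PER_YEAR))
```

At the implied 0.24 seconds per guess, the 8-digit average comes out at about 4.6 months, in line with the 4.5 months quoted above.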



Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging....
