Law enforcement tools can bypass the iPhone passcode in under two minutes

Tool can also be used to crack Android handsets.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

Do you have a passcode set on your iPhone? Does it give you a warm fuzzy feeling that your data is securely locked away from prying eyes? Think again.

Technology available to law enforcement officials by Swedish firm Micro Systemation can be used by to hack into the handset and bypass the four-digit passcode in less than two minutes.

Here's a video of the tool, called XRY, in action against a passcode-protected iPhone 4:

Note: iPhone 4S and iPad 2/3 are not supported.

XRY works by first jailbreaking the handset. According to Micro Systemation, no 'backdoors' created by Apple used, but instead it makes use of security flaws in the operating system the same way that regular jailbreakers do.

Once the iPhone has been jailbroken, the tool then goes on to 'brute-force' the passcode, trying every possible four digit combination until the correct password has been found. Given the limited number of possible combinations for a four-digit passcode -- 10,000, ranging from 0000 to 9999 -- this doesn't take long.

Once the handset has been jailbroken and the passcode guessed, all the data on the handset, including call logs, messages, contacts, GPS data and even keystrokes, can be accessed and examined.

Since this tool relies on brute-forcing the passcode, the makers acknowledge that you can make the handset harder to crack by choosing to use a more complex passcode than the four digit code used as default.

Feeling smug because you're using an Android handset as opposed to an iOS device? I hate to be the bearer of bad news but the XRY can also crack locked Android handsets, too.

More videos by Micro Systemation are available here.


Editorial standards