Thursday, March 29, 2012

Video shows security firm's software breaking into password-protected iPhone in two minutes

It should be no secret that law enforcement can extract information from smartphones, and that they do. Just how simple it is hasn't really been known, but a video posted by a Swedish security firm shows its software breaking into a passcode-protected iPhone in just minutes.

Micro Systemation, a Swedish security firm that sells tools to break into devices of criminal suspects or military detainees, has released a video that shows how simple it is for those with the right tools to break into a secured iPhone or Android device.

The video was available on YouTube but later removed by the company. Named "Recovering the Passcode from an iPhone," it showed a company demonstration of their XRY application. XRY is able to access the contents of the iPhone in under two minutes. User information, including call history, contacts, GPS location, and messages, can be read.

The company supplies 98 percent of the U.K.'s police departments with products, as well as many U.S. police departments and the FBI. Its largest single customer is the U.S. military.

XRY doesn't jailbreak the phone per se, but does rely on the same sort of security vulnerabilities that jailbreakers or rooters do. That being known, the onus for protecting your data seems to go back to Apple and other OEMs: make bulletproof, totally secure software with no exploitable bugs and none of this is possible.

We all know that bug-less software of any complexity is really impossible. Mike Dickinson, the firm’s marketing director and the voice heard in the video, said,

“Every week a new phone comes out with a different operating system and we have to reverse engineer them. We’re constantly chasing the market.”

Naturally he's speaking of Android, not iOS. Either way, though, the more complex a passcode or password is, including just its length, the harder it is to break. Dickinson said it could reach a point where trying to break in via brute force just isn't worth it.

Hanni Fakhoury, an attorney with the Electronic Frontier Foundation, which fights for "personal freedoms in a networked world," warned:

“If police have a warrant to be in the phone, this is just a way to get access to what they’re legally allowed to. But if they’re going to a protest and seizing folks for booking, and immediately running this on their phones and sucking everything out, we’ve got a real problem.”
