Tuesday, April 03, 2012

Jailbreaker explains truths behind two-minute iOS passcode cracking

A well-known iOS jailbreaker has examined the claims of a Swedish security firm that says it can break past an iOS device's security in under two minutes. Will Strafach, better known to the jailbreaking community as "@chronic," said the firm's claims look a lot better on paper than in practice.

While it was known that Micro Systemation's XRY tool didn't require the device to be jailbroken, the firm did admit that it used iOS exploits to break into the device. In fact, Chronic said, XRY uses the well-known "limera1n" exploit released by George "geohot" Hotz.

The tool then creates a "custom ramdisk," which is what carries out the company's brute-force method of breaking past the iOS passcode. He also explained that Micro Systemation's "two-minute" claim holds only if the passcode is "0000." As the firm admitted without elaborating, the time grows as more complex passcodes are used.

There are several ways to block such break-ins by XRY or any other forensics tool, he added. First, because the "limera1n" exploit does not exist for the A5 and A5X chips, XRY won't work on an iPhone 4S, iPad 2, or new iPad. Second, if you disable "Simple Passcode" in iOS and set a longer password, a tool like XRY would need far longer to break in by brute force.
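To make the "longer password takes far longer" point concrete, here is an added cost estimator that is not part of the article or of Micro Systemation's tooling. The article gives no numbers beyond "two minutes for 0000", so the fixed setup time and the guess rate below are assumptions used only to compare passcode policies against each other.

```python
"""Brute-force cost estimate for iOS passcode policies (added illustration).

Assumptions, since the article gives no figures: a fixed per-device setup
cost (exploit plus custom ramdisk) before the first guess, and a hypothetical
constant guess rate. Only the ratios between policies are meaningful.
"""
from dataclasses import dataclass

SETUP_SECONDS = 120.0      # assumed setup cost before the first guess
GUESSES_PER_SECOND = 10.0  # hypothetical rate; real rates vary by device

DIGITS = 10
ALNUM = 26 + 26 + 10       # lowercase, uppercase, digits


@dataclass(frozen=True)
class Policy:
    name: str
    alphabet: int   # size of the character set
    length: int     # passcode length

    @property
    def keyspace(self) -> int:
        return self.alphabet ** self.length


def seconds_to_guess(position: float, rate: float = GUESSES_PER_SECOND,
                     setup: float = SETUP_SECONDS) -> float:
    """Seconds until the guess at 1-based `position` in the search order is tried."""
    if position < 1:
        raise ValueError("position is 1-based")
    return setup + position / rate


def estimate(p: Policy, rate: float = GUESSES_PER_SECOND,
             setup: float = SETUP_SECONDS) -> dict:
    """First-guess, average (uniformly random passcode) and worst-case times."""
    return {
        "keyspace": p.keyspace,
        "first_guess_s": seconds_to_guess(1, rate, setup),
        "average_s": seconds_to_guess((p.keyspace + 1) / 2, rate, setup),
        "worst_s": seconds_to_guess(p.keyspace, rate, setup),
    }


POLICIES = [
    Policy("Simple Passcode, 4 digits", DIGITS, 4),
    Policy("Numeric, 6 digits", DIGITS, 6),
    Policy("Alphanumeric, 6 chars", ALNUM, 6),
    Policy("Alphanumeric, 8 chars", ALNUM, 8),
]

if __name__ == "__main__":
    for pol in POLICIES:
        e = estimate(pol)
        print(f"{pol.name:28} keyspace={e['keyspace']:>16,d} "
              f"worst={e['worst_s'] / 86400:,.1f} days")
```

The first-guess time is the same for every policy, which is why a "0000" demo says nothing about a longer, non-numeric passcode.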
