Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cops Can Crack an iPhone In Under Two Minutes

Posted by Soulskill on from the can-i-see-that-for-a-minute dept.

Sparrowvsrevolution writes "Micro Systemation, a Stockholm-based company, has released a video showing that its software can easily bypass the iPhone's four-digit passcode in a matter of seconds. It can also crack Android phones, and is designed to dump the devices' data to a PC for easy browsing, including messages, GPS locations, web history, calls, contacts and keystroke logs. The company's director of marketing says it uses an undisclosed vulnerability in the devices it targets to run a program on the phone that brute-forces its passcode. He says the company's business is 'booming' and that it's sold the devices to law enforcement and military customers in 60 countries. He says Micro Systemation's biggest customer is the U.S. military."

11 of 375 comments (clear)

  1. Wasted taxpayer money by deathtopaulw · · Score: 5, Insightful

    What happens when these vulnerabilities are fixed and the kits become useless? I assume our overlords will have to pay for a new version.

    1. Re:Wasted taxpayer money by dougmc · · Score: 4, Insightful

      What happens when these vulnerabilities are fixed and the kits become useless? I assume our overlords will have to pay for a new version.

      Serious answer, they probably get a support contract when they buy the software that entitles them to support and updates during the length of the contract. That's the way commercial Enterprise software generally is licensed, I see no reason why this would be different.

      It's entirely possible that their vulnerability could be fixed and they end up with nothing they can use for a while, and there's probably a clause in the contract that says this could happen but that they promise to make a good faith effort to find more vulnerabilities and "fix" their software as soon as possible. (But I seriously doubt it offers their money back -- after all, the rest of the software will probably still work, and even this part will still work on unpatched phones.)

    2. Re:Wasted taxpayer money by AngryDeuce · · Score: 3, Insightful

      What happens when these vulnerabilities are fixed and the kits become useless?

      Then they throw you in the clink until you decrypt it for them.

      America! Fuck Yeah!!

  2. Undisclosed? by ichthus · · Score: 5, Insightful

    If the manufacturers (Apple and Google) were truly interested in patching these "undisclosed" vulnerabilities, they could purchase this software and run it on test/dev devices to see how it's done.

    --
    sig: sauer
    1. Re:Undisclosed? by FunPika · · Score: 4, Insightful

      Looking at Micro Systemation's website, they verify who you are and what you are going to use it for before they even start discussions on selling it. Something tells me getting contacted from an Apple email saying that they want to render the software useless is not going to get past that.

      --
      After years of not using a signature, I am going to make one to say the following: Fuck Beta
  3. Keystroke Logs? by steevven1 · · Score: 4, Insightful

    Um, why do these even exist on the phones in the first place?

  4. Re:4-digit pass code... by X0563511 · · Score: 3, Insightful

    Does it actually wipe it, or merely disable your ability to unlock it without help from Apple?

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  5. DMCA? by v1 · · Score: 5, Insightful

    isn't this a violation of the (grossly over-broad) DMCA, in "bypassing a protective measure"?

    I mean, technically, aren't they hacking it and selling an exploit?

    It would be refreshin to see that law used to protect some of the public for once.

    --
    I work for the Department of Redundancy Department.
  6. Re:Not much good if the passcode is easy to guess by Githaron · · Score: 4, Insightful

    You could have a soft and hard lock. A soft lock could be done with a short simple pin. When you believe that you are in danger of having your device taken you put it in a hard lock that clears the decrypted encryption key from the memory and requires the full password to unlock. Not perfect but a compromise.

  7. You are all overthinking this... by weweedmaniii · · Score: 4, Insightful

    The easiest workaround, if you are doing something questionable with your smartphone, is to carry a dumb phone, with an appropriate number of contacts: Mommy, a pastor, the local animal rescue shelter, etc. and hand that to the LEOs. They aren't going to ask "Is this the only phone?" They look, they see that you are Mr. Citizen of the Year and you're on your way...

    --
    "If stupid things work...then they are not stupid."
  8. Re:Crack your iPhone? by Relayman · · Score: 3, Insightful

    This may give the police some information, but I doubt they could use it in court. How can they prove that they didn't introduce some data during this process?

    --
    If I used a sig over again, would anyone notice?