Remember that two-minute passcode lock exploit we told you about last week? The one by Swedish security firm Micro Systemation behind the XRY app that can get to your data, including contacts, messages and call logs? Well, prominent hacker Chronic has proved them wrong. In an effort to set the record straight, the hacker posted a clarification on his website that pretty much debunks their claim.

Though the XYR tool taps a popular jailbreak exploit, Chronic is adamant the two minutes it takes to crack your passcode is only valid if you set your passcode to ‘000’. Conspicuously, that’s the passcode the firm showed in their demo clip. Interesting enough, the original video of the exploit in action is no longer available on YouTube.

The two-minute passcode crack is a “linkbait”, explains the prominent hacker who goes by his real name Will Strafach. According to his blog post from yesterday, the Micro Systemation exploit only holds true if your passcode is set to ‘0000’, adding:

The only “special” thing XRY has done is create a tool that is simple enough to be utilized by LE personnel.

Furthermore, it won’t work on the iPhone 4S, iPad 2 and the new iPad.

The simpliest way to “thwart” the use of this software on your phone would be to get the latest model, because (as people who are farmilliar with jailbreaking know) the limera1n exploit is fixed in the bootrom of the A5 (iPad 2 and iPhone 4S) as well as the A5X (iPad 3) chip.

He’s also saying people unwilling to upgrade their device to the latest model can protect themselves from passcode-cracking tools such as Micro Systemation’s XYR app by setting a lengthier password.

Just open open Settings on your device, tap General, then Passcode Lock and disable the Simple Passcode toggle. This will help better secure your device as it takes “much longer than two minutes” to crack a lengthy passcode.

I must admit, I have my device protected with a simple four-digit passcode. I’m just not fond of long passwords as these take much longer to type in each time I unlock my device.

How about you? Do you use a simple passcode or a lengthier one?

  • or just use androidlock XT

    • Anonymous

      Which is not secure and by-passable without additional exploits? No thanks.

      • your right its the same sytem and as quickly crack able as a passlock, when not even quicker considering people normally take things they can easly draw for example an L or triangle…

      • or just enter safe mode and your in 😉

      • Anonymous

        Like welcom said, you could just crash the phone into safe mode. Or if you have LockInfo installed. Preview an email and click the link inside. You will get into mobile safari. Hit the home button will take out to the springboard. If I recall correctly, the phone wouldn’t launch the phone app, but it will allow to disable androidlock xt from that point and then respring to access everything. >_>

    • @ welcom
      how to do you enter safe mode or crash the phone from lock screen?

  • Dan

    I don’t even have a password on my phone…

    • Anonymous

      I took mine off. . . Its a bit lame after a while and it prevents using bitesms and etc to open up to text directly in the app from lockscreen.

      • You can go to BiteSMS settings and configure dude. You CAN reply via pop up in locked lockscreen.

    • Same here, but I don’t even have a lockscreen. NoLockScreen FTMFW!!

  • Anonymous

    I’m so glad there are people ready to expose false claims from disreputable companies.

  • Well that’s handy… I’ll just set my pass code to 0000 and if I forget it, I have a backup plan to get in…. Errr yeah. 😉

  • Aric Bolf

    Who is dumb enough to set their pass code to 0000? The company must be stupid to develop a product based on a 1 in 10,000 chance (even less cause some use the longer pass code) of the code being 0000 AND not being an A5 chipped device.

  • No, I remember the 10 minute passcode lock exploit 🙂

  • …….

  • Anonymous

    I don’t have any pass code b/c of fear that if I ever lose any of iDevices somebody will just easily restore the devices n lose my chance of ever finding it

    • Don’t worry 🙂 If you have a password on your phone and connect it to a new iTunes it will ask for the password 🙂

      • Anonymous

        I’m very aware of that but all u have to do is put the phone in dfu mode which takes less than 30secs n presto no password required

        Sent from my iPad 3

      • Oh really? I didn’t know that :/ I think Apple might have to look into how secure iOS really is…

  • This comes to no surprise where someone shows up a security firm hahaha.

  • Anonymous

    2 minutes? I can get into your phone in 2 seconds if the passcode is 0000

  • If you enter numbers only in a complex passcode in iOS, it’ll only show the number pad and not keyboard.

  • Siv

    I can’t take Chronic seriously. For a start he can’t spell familiar…”farmilliar” lol

    • never heard of a typo? damn….

      • Siv

        That wasn’t a typo. It was a conscious misunderstanding of how to spell ‘familiar’.


        Lol, seems like Chronic was spelling it as he would say it.