Chronic: Two-minute iPhone crack valid only if passcode is 0000

By , Apr 3, 2012

Remember that two-minute passcode lock exploit we told you about last week? The one by Swedish security firm Micro Systemation behind the XRY app that can get to your data, including contacts, messages and call logs? Well, prominent hacker Chronic has proved them wrong. In an effort to set the record straight, the hacker posted a clarification on his website that pretty much debunks their claim.

Though the XRY tool taps a popular jailbreak exploit, Chronic is adamant the two minutes it takes to crack your passcode is only valid if you set your passcode to ‘0000’. Conspicuously, that’s the passcode the firm showed in their demo clip. Interestingly enough, the original video of the exploit in action is no longer available on YouTube.

The two-minute passcode crack is “linkbait”, explains the prominent hacker, whose real name is Will Strafach. According to his blog post from yesterday, the Micro Systemation exploit only holds true if your passcode is set to ‘0000’, adding:

The only “special” thing XRY has done is create a tool that is simple enough to be utilized by LE personnel.

Furthermore, it won’t work on the iPhone 4S, iPad 2 and the new iPad.

The simplest way to “thwart” the use of this software on your phone would be to get the latest model, because (as people who are farmilliar with jailbreaking know) the limera1n exploit is fixed in the bootrom of the A5 (iPad 2 and iPhone 4S) as well as the A5X (iPad 3) chip.

He’s also saying people unwilling to upgrade their device to the latest model can protect themselves from passcode-cracking tools such as Micro Systemation’s XRY app by setting a lengthier password.

Just open Settings on your device, tap General, then Passcode Lock and disable the Simple Passcode toggle. This will help better secure your device as it takes “much longer than two minutes” to crack a lengthy passcode.
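
To put numbers on why a longer passcode helps, here is an added example (not from Chronic's post or from XRY) that estimates how long an exhaustive passcode search takes. It assumes guesses are tried in ascending order and that each guess costs 0.08 seconds; both are assumptions made for illustration, and all function names are hypothetical.

```python
# Added illustration. The per-guess cost and the ascending guess order are
# assumptions, not figures taken from the article or from the XRY tool.
import string

ASSUMED_SECONDS_PER_GUESS = 0.08  # assumption: cost of one on-device attempt

DIGITS = string.digits
ALNUM = string.digits + string.ascii_lowercase + string.ascii_uppercase


def keyspace(alphabet: str, length: int) -> int:
    """Number of distinct passcodes of exactly `length` symbols."""
    return len(alphabet) ** length


def enumeration_rank(passcode: str, alphabet: str) -> int:
    """1-based position of `passcode` when every code of its length is tried
    in ascending order of `alphabet` (0000, 0001, ... for digits)."""
    base = len(alphabet)
    rank = 0
    for ch in passcode:
        rank = rank * base + alphabet.index(ch)  # ValueError if ch not allowed
    return rank + 1


def seconds_to_reach(passcode, alphabet, per_guess=ASSUMED_SECONDS_PER_GUESS):
    """Time until an ascending search arrives at this exact passcode."""
    return enumeration_rank(passcode, alphabet) * per_guess


def worst_case_seconds(alphabet, length, per_guess=ASSUMED_SECONDS_PER_GUESS):
    """Time to try every passcode of the given length."""
    return keyspace(alphabet, length) * per_guess


def humanize(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    for code in ("0000", "5000", "9999"):
        print(code, "reached after", humanize(seconds_to_reach(code, DIGITS)))
    for label, alpha, n in (("4 digits", DIGITS, 4), ("8 digits", DIGITS, 8),
                            ("8 alphanumeric", ALNUM, 8)):
        print(label, "worst case:", humanize(worst_case_seconds(alpha, n)))
```

Under these assumptions 0000 is the very first guess, a full four-digit search finishes in minutes, and disabling Simple Passcode to use a longer or alphanumeric code pushes the worst case to days or years.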

I must admit, I have my device protected with a simple four-digit passcode. I’m just not fond of long passwords as these take much longer to type in each time I unlock my device.

How about you? Do you use a simple passcode or a lengthier one?

  • http://twitter.com/rydogg23 Ryan

    or just use androidlock XT

    • Anonymous

      Which is not secure and by-passable without additional exploits? No thanks.

      • http://www.facebook.com/profile.php?id=1507068701 Jorit Studer

        you’re right, it’s the same system and as quickly crackable as a passlock, if not even quicker considering people normally take things they can easily draw, for example an L or triangle…

      • http://twitter.com/welcom95 welcom

        or just enter safe mode and you’re in ;)

      • Anonymous

        Like welcom said, you could just crash the phone into safe mode. Or, if you have LockInfo installed, preview an email and click the link inside. You will get into mobile safari. Hitting the home button will take you out to the springboard. If I recall correctly, the phone wouldn’t launch the phone app, but it will allow you to disable androidlock xt from that point and then respring to access everything. >_>

    • http://www.facebook.com/people/Olympia-Apostolopoulou/1239994549 Olympia Apostolopoulou

      @ welcom
      how do you enter safe mode or crash the phone from lock screen?

      • http://profile.yahoo.com/UJAYJ2YRZ7Y5CVLRK737YRBYLM Ahmed

        sbsetting :P

  • Dan

    I don’t even have a password on my phone…

    • Anonymous

      I took mine off... It’s a bit lame after a while and it prevents using bitesms etc. to open up to text directly in the app from lockscreen.

      • http://twitter.com/blckaapl B L C K A A P L

        You can go to BiteSMS settings and configure dude. You CAN reply via pop up in locked lockscreen.

    • http://twitter.com/2morebatteries AAAA

      Same here, but I don’t even have a lockscreen. NoLockScreen FTMFW!!

  • Anonymous

    I’m so glad there are people ready to expose false claims from disreputable companies.

  • http://twitter.com/WeebSurfer John Horton

    Well that’s handy… I’ll just set my pass code to 0000 and if I forget it, I have a backup plan to get in…. Errr yeah. ;)

  • Aric Bolf

    Who is dumb enough to set their pass code to 0000? The company must be stupid to develop a product based on a 1 in 10,000 chance (even less cause some use the longer pass code) of the code being 0000 AND not being an A5 chipped device.

  • http://twitter.com/7D_Sniper Adam hood

    No, I remember the 10 minute passcode lock exploit :)

  • http://twitter.com/jermupetro Jermu Petro

    …….

  • Anonymous

    I don’t have any pass code b/c of fear that if I ever lose any of my iDevices somebody will just easily restore the devices n I lose my chance of ever finding it

    • http://www.facebook.com/people/Cameron-Carlyon/100000384425704 Cameron Carlyon

      Don’t worry :) If you have a password on your phone and connect it to a new iTunes it will ask for the password :)

      • Anonymous

        I’m very aware of that but all u have to do is put the phone in dfu mode which takes less than 30secs n presto no password required

        Sent from my iPad 3

      • http://www.facebook.com/people/Cameron-Carlyon/100000384425704 Cameron Carlyon

        Oh really? I didn’t know that :/ I think Apple might have to look into how secure iOS really is…

  • http://twitter.com/FabianPVD Fabian B.

    This comes as no surprise when someone shows up a security firm hahaha.

  • Anonymous

    2 minutes? I can get into your phone in 2 seconds if the passcode is 0000

  • http://twitter.com/iKrill Antonio

    If you enter numbers only in a complex passcode in iOS, it’ll only show the number pad and not keyboard.

  • http://twitter.com/sivkai Siv

    I can’t take Chronic seriously. For a start he can’t spell familiar…”farmilliar” lol

    • http://twitter.com/e420kush e420Kush

      never heard of a typo? damn….

      • http://twitter.com/sivkai Siv

        That wasn’t a typo. It was a conscious misunderstanding of how to spell ‘familiar’.

        Fa-R-mil-L-iar.

        Lol, seems like Chronic was spelling it as he would say it.