You might think you are safe with a six digit code, but think again.
You might think you are safe with a six digit code, but think again.

Why you should change your iPhone passcode

DO YOU use a six-digit passcode on your iPhone? If so, you need to change it immediately because your device has little to no protection.

The advice comes after an anonymous source provided security firm Malwarebytes with evidence of a cheap technology which promises to crack any iPhone.

Developed by long-time US intelligence agency contractors and an ex-Apple security engineer, the product known as GrayKey claims it can crack any iPhone running iOS 10 or 11 using Brute force - a trial and error method used by application programs to decode encrypted data such as passwords.

The $19,000 tool will be popular with law enforcement.
The $19,000 tool will be popular with law enforcement.

"GrayKey is a grey box, four inches wide by four inches deep by two inches tall, with two lightning cables sticking out of the front," Malwarebytes explained.

"Two iPhones can be connected at one time, and are connected for about two minutes. After that, they are disconnected from the device, but are not yet cracked.

"Some time later, the phones will display a black screen with the passcode, among other information. The exact length of time varies, taking about two hours in the observations of our source.

"It can take up to three days or longer for six-digit passcodes, according to Grayshift documents, and the time needed for longer passphrases is not mentioned. Even disabled phones can be unlocked, according to Grayshift."

After the device is unlocked, the full contents are downloaded to the GrayKey device where they can be accessed through a web-based interface on a connected computer.

Based on the claims made by Grayshift and Apple's delays between password attempts, assistant professor and cryptographer at the Johns Hopkins Information Security Institute Matthew Green did the maths to find out just how vulnerable passcodes are.

 

Based on his findings, your best bet would be to change your password to 10 digits because that would take as much at 25 years for the tool to crack - the average was 12 years.

This correlates with security researcher Ryan Duff who said the longer the passcode, the better.

"People should use an alphanumeric passcode that isn't susceptible to a dictionary attack and that is at least seven characters long and has a mix of at least upper case letters, lower case letters, and numbers," he told Motherboard.

"Adding symbols is recommended and the more complicated and longer the passcode, the better."

Likewise, you can turn on a setting that wipes all data from the phone after 10 failed passcode attempts.

HOW TO CHANGE YOUR IPHONE PASSCODE

• Go to Settings.

• Click Touch ID & Passcode and enter your current passcode

• Click Change Passcode and enter your current passcode once more

• Click Password Options located at the bottom of the screen.

• Click Custom Alphanumeric Code

• Enter your new passcode and be sure to include letters, numbers and symbols

Continue the conversation in the comments below or with Matthew Dunn on Facebook and Twitter.


City boss takes razor to Ipswich councillors' committees

City boss takes razor to Ipswich councillors' committees

Research found Ipswich had more committees than any other council

Have your say on new community garden in West Ipswich

Have your say on new community garden in West Ipswich

Keen gardeners will be able to grow their own fruit or vegetables.

Council to close controversial CBD development company

Council to close controversial CBD development company

New tenders have been awarded as council moves to manage the project

Local Partners