Why you should change your iPhone passcode
If you're one of the millions using a four or six-digit passcode on your iPhone, it could be time for you to change it.
An anonymous source told security firm Malwarebytes details of a small device, named GrayKey, that is capable of unlocking iPhone passwords.
The device, which the source described as a small grey box with two lightning cables sticking out of the front, can unlock an iPhone with a four-digit passcode in as little as 6.5 minutes.
It was created by a US company named Grayshift, whose website can only be accessed by devices affiliated with law enforcement.
Malwarebytes said: "Such a device could fetch a high price on the black market, giving thieves the ability to unlock and resell stolen phones, as well as access to the high-value data on those phones."
Matthew Green, a cryptographer at Johns Hopkins University, observed on Twitter that GrayKey takes on average 11 hours to crack iPhone's standard six-digit passcodes, while eight digits usually take around 46 days.
A 10-digit passcode would take, on average, 12.5 years to unlock.
While an alphanumeric password (a combination of numerals and letters) does provide more protection, Dr Green said it's still not completely safe.
"Keep in mind that unless you choose your password very well, you might not be that much better off," he wrote on Twitter.
Dr Green said the shorter the passcode, the weaker it is - and advises iPhone users to steer clear of four-digit codes entirely.
GrayKey can connect two devices at the same time, and requires each iPhone to be connected for two minutes.
After being disconnected, the phone is not immediately unlocked. According to Malwarebytes, it will eventually display a black screen with several lines of information, including the passcode and the time it took to crack it.
After the device is unlocked, the iPhone's entire contents can be downloaded on to the GrayKey device and accessed through a connected computer.
Forbes reported that the device is being used by law enforcement officials to help crack open iPhones in record time.
There are two GrayKey devices: one that costs $US15,000 and needs to be connected to the internet, and a $30,000 option that can operate without internet connectivity and unlock an unlimited number of devices.
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
If you've ever tried too many password attempts on an iPhone, you'd know that the phone disables itself and can even erase all data to avoid hacking.
But - "not with something like GrayKey", Dr Green said.
For the strongest passcode possible, use a lengthy combination of numbers, letters (both upper case and lower case) and symbols.
Random characters work better than actual words.
To change your passcode, go to: Settings > Touch ID & Passcode > Change Passcode > Password Options > Custom Alphanumeric Code.
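To put a number on "lengthy", the sketch below is an added example (not from the article or from Dr Green) that derives the per-guess cost implied by the quoted cracking times and extends it beyond digits to find the shortest passcode whose average cracking time reaches a target. It assumes the passcode is chosen uniformly at random and that a guess costs the same for any character set; the alphabet sizes and the 100-year target are illustrative choices.

```python
import statistics

# Worst-case figures from the tweet quoted above: digits -> seconds.
QUOTED_WORST_CASE = {
    4: 13 * 60,
    6: 22.2 * 3600,
    8: 92.5 * 86400,
    10: 9259 * 86400,
}
YEAR = 365.25 * 86400

# Alphabet sizes are assumptions of this example, not figures from the article.
ALPHABETS = {"digits": 10, "letters+digits": 62, "letters+digits+symbols": 94}


def seconds_per_guess(worst_case=QUOTED_WORST_CASE):
    """Per-guess cost implied by the quoted figures.

    Worst case means trying all 10**digits codes, so time / keyspace is the
    cost of one guess. The median smooths the rounding in the quoted numbers.
    """
    return statistics.median(t / 10 ** d for d, t in worst_case.items())


def average_crack_seconds(alphabet_size, length, per_guess=None):
    """Average time to hit a uniformly random passcode: half the keyspace."""
    per_guess = seconds_per_guess() if per_guess is None else per_guess
    return alphabet_size ** length / 2 * per_guess


def min_length(alphabet_size, target_years, per_guess=None):
    """Shortest random passcode whose average crack time reaches the target."""
    length = 1
    while average_crack_seconds(alphabet_size, length, per_guess) < target_years * YEAR:
        length += 1
    return length


if __name__ == "__main__":
    print(f"implied cost per guess: {seconds_per_guess() * 1000:.1f} ms")
    for name, size in ALPHABETS.items():
        print(f"{name:>24}: {min_length(size, 100)} random characters "
              f"for a 100-year average")
```

These lengths hold only for randomly generated passcodes; a word or pattern a person picks is found far earlier than the keyspace size suggests.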