Cracking Smartphone Codes

Posted by Sam Churchill on

If law enforcement wants to see the data you’ve stored on your smartphone, those four digit security codes only take two minutes to crack, notes Forbes. Micro Systemation, a Stockholm, Sweden-based firm, sells law enforcement and military customers the tools to access the devices of criminal suspects or military detainees. They posted this video last week.

The firm’s XRY application can quickly crack an iOS or Android phone’s passcode, dump its data to a PC, decrypt it, and display information like the user’s GPS location, files, call logs, contacts, messages, even a log of its keystrokes. Here’s how easy it is to recover the security codes from a mobile device using XRY.

The company sells products capable of accessing passcode-protected iOS and Android devices in over 60 countries. It supplies 98% of the U.K.’s police departments, for instance, as well as many American police departments and the FBI. Its largest single customer is the U.S. military.

The Cellebrite UME-36Pro is commonly used in phone stores to transfer personal content when upgrading phones or changing networks. CelleBrite is used by Michigan police, to grab all existing, hidden, and deleted phone data.

The Cellebrite device examines mobile phones using a data cable, IrDA, Bluetooth or WiFi. It can access the phone user lock code, as well as deleted messages, images, geotags, phonebook entries and videos, past SIM cards and IMSI history. Almost all GPS devices collect trackpoints, the electronic breadcrumb trail that shows exactly where and when the device has traveled.

Related Dailywireless articles include Carrier IQ Questioned, How Your Location & Preferences are Recorded, Behavioral Targeting: Kill/Capture, Google Vs The Feds, Inside the Libyan Uprising, Internet Traffic: 18 Minute Gap?, Communications Law: Net Neutrality & Surveillence and Spy Squirrels Captured.

Posted by Sam Churchill on Wednesday, March 28th, 2012 at 6:48 am .

One thought on “Cracking Smartphone Codes

  1. You don’t need expensive, commercial forensics tools to break into an iOS or Android device. Literally every Android/iOS device can be broken into if you have physical access.

    For Android, it’s a simple investigation of two files: /data/system/password.key and /data/data/

    For iOS, it’s a simple matter of using an SSH RAMdisk via DFU mode to unlock the screen with the Objective-C runtime isPasswordProtected and unlockWithSound methods. In this case, the password doesn’t even have to be bruteforced unless you want access to the data protected areas (which by default includes the Mail app and nearly nothing else).

Leave a Reply