Back in 2010, iOS developer Daniel Amitay developed a camera security app for iPhones that used an unlock screen almost identical to that of the iPhone.
The app was removed in mid-2011 (though, it eventually reappeared in early-2013, still available in the iOS App Store today), and before its initial demise, Amitay recorded the passwords anonymously that users typed in, and these were the results:
Image via Naked Security These
ten iPhone passcodes make up 15% of the 200,000 passcodes that his
application recorded. The most popular code was "1234", which almost
9,000 people used. The rest of the codes are either very simple
("0000"), create a pattern ("2580"), or in the case of "5683", make up a
word (LOVE).
These results are staggering, because according to
this study, these ten codes are used by 1 out of every 7 iPhone users.
Merely attempting these 10 passcodes gives you a pretty high chance of
getting into someone's iPhone, even in newer iOS 7 devices.
#1. Using Brute Force to Bypass the iPhone Lock Screen
Aside from the 10 common passcodes above, your chances can exponentially increase if you know the owner of the iPhone well.
Many
people use 4-digit pins that they're familiar with: birthdays,
anniversaries, addresses, the last 4 of their social security numbers,
and even the last 4 digits of their own phone number. iPhone users
unlock their cell phones dozens of times a day, making a simple and
memorable passcode beneficial.
Add to that oily finger smudges on the screen and there's a pretty good chance you'll get passed the lock screen security.
You have 6 tries
to access the phone before you'll see the "disabled" warning, and then a
few more before the phone is completely disable, so that gives plenty
of chances for a good brute-forcer to gain access.
Even if you see the disabled screen, you still can hack into it. Scroll down to the Completely Resetting the iPhone with iTunes section for more info.
Protecting Yourself from Brute-Forcers
Much like any PIN (e.g. debit cards), you need to make it hard to guess by thieves.
Don't choose any of the ten passcodes listed above.
Don't use any important dates or any other numbers that can be linked back to you.
Steer away from passcodes that make shapes, like "1397" or "7139" (a square).
Instead of an easy 4-digit number, choose an alphanumeric code. Go to Settings -> Passcode and enter in your current PIN. Then disable Simple Passcode and set an alphanumeric passcode.
For help coming up with better passwords and codes, check out one of the many guides over on Tech Pr0n, Power Byte (the precursor to Null Byte), or InterNoobs.
#2. Using Siri to Bypass the iPhone Lock Screen
You can use Siri to bypassany code on the iPhone 4S, 5, 5C, or 5S (if Touch ID is disable), but only to a certain extent, and only if the user has allowed Siri access when the phone is locked.
If
so, you can just press down on the Home button and ask Siri to make a
phone call, send a text, and look through notes. Simple stuff. You can't
use Siri for things like looking through email, contacts, or the
internet.
Protecting Yourself from Siri's Flaws
You can protect yourself from this by deactivating Siri while the phone is locked. Do this by going to Settings -> Passcode and disabling Siri from the lock screen.
#3. Completely Resetting the iPhone with iTunes
Resetting your iPhone
can bypass the passcode, but will delete everything on the phone. This
can come in handy if you forget your passcode and have everything backed
up on your iTunes. So, if you get a message like this when connecting
the device to iTunes...
Press
and hold the Home button, and while holding the Home button in, hurry
up and connect your iPhone to your computer using the USB cord.
Continuing holding the Home button until the "Connect to iTunes" screen pops up.
iTunes will give you the recovery mode alert.
Click "OK" and restore the device.
This will take off the passcode, but will delete everything on the phone. Make sure to back up your iPhone at least once beforehand, or it will wipe to factory settings.
Protecting Yourself from Clever iTunes Restorers
It's tough to protect yourself from a hard reset, especially if your phone is stolen. What you can do is to make sure that Find My iPhone
is turned on. That way you cannot only track where the iPhone is, but
also remotely delete all the information before someone has a chance to
bypass the passcode, granted they don't just turn the device off and
sell it for parts.
#4. Tricking iCloud with a Fake Server
An anonymous hacker by the name of AquaXetine
found an exploit in Apple's iCloud system that lets anyone unlock a
lost or stolen iPhone running iOS 7 or above, and Apple has yet to fix
it.
This hack, available at the doulCi website
(iCloud (almost) spelled backwards), appears to change your DNS for the
connection to iCloud so their server can intercept the Activation Lock
request, and then responds with the proper message to unlock the device.
Six iPhones that were hacked using the doulCi technique.
Image by esonglance/Twitter So far, the hackers claim that over 15,000 devices have been unlocked using this technique.
Protecting Yourself from doulCi
Unfortunately, there's not much you can do here. We just have to wait for Apple to fix this insane oversight, and hope that the kill-switch legislation gets approved nationwide; if the device is essentially destroyed, then no one will want to steal it.
#5. Using Passcode-Hacking Apps
You can unlock an older iPhone using redsn0w, which also jailbreaks the device without deleting anything. This article has a video that shows how to install redsn0w on any iPhone still using iOS 5, while this one
will show you how to do it on iOS 6 devices. It bypasses the code and
doesn't delete any of the information stored on the iPhone. This could
potentially also work with the evasi0n jailbreak for iOS 7 devices, as well.
You can also use a program called Gecko iPhone Kit (for iOS 5), which can be downloaded here,
but most devices are using at least iOS 6 by now. This will actually
give you the code and doesn't jailbreak or delete anything from the
iPhone. Below is a video tutorial of this process.
Protecting Yourself from Password-Hacking Apps
Again, not much you can do here. If it works for them, awesome, because it was about time you updated to a new iPhone anyway.
Have you found another way to gain access to the lock screen on your iPhone? Let us know.
How Thieves Unlock Passcodes on Stolen iPhones (And How to Protect Yourself Against It)
Rating: 4.5
Diposkan Oleh: CRS
