XRY security software extracts iPhone lock code really, really easily

Sweden-based Micro Systemation recently demonstrated on video just how easily their desktop software for military and law enforcement can crack into an iPhone. With a few quick reboots, XRY can not only dig out the phone's unlock code, but can also personal data, GPS locations, messages, and a log of keystrokes. Though Micro Systemation wouldn't go into specifics on how they go about doing all of this, they said the process is similar to jailbreaking, and they're constantly keeping up to speed on the latest iOS and Android updates. Though the video below shows the process happening pretty quickly, more complicated passwords can make the crack take infinitely longer - sometimes too long to be worth it.

Of course, this kind of software is used exclusively by law enforcement agencies of various kinds around the world, so there's no need to worry about some random hacking into your phone with this software. Of course, Micro Systemation isn't responsible for how police and military use the software once they've been certified by local governments.   In California, cops don't even need a warrant to search your phone.

We all know that our iPhones are highly personal items and can store a lot of sensitive information on them. As scary as it might be that the cops can get access to it in a heartbeat, it's only really an issue if you've done something wrong, isn't it?

Source: Forbes

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Simon Sage

Editor-at-very-large at Mobile Nations, gamer, giant.

More Posts



← Previously

New iPad owners in Australia scorned by false 4G LTE advertising offered refund

Next up →

Apple execs sell off half a million shares for around $314 million

Reader comments

XRY security software extracts iPhone lock code really, really easily


I am sure that this software would be considered ILLEGAL in the US due to the fact it is used for "hacking" a device which you do not own I.E. Police hacking/jailbreaking your phone to find all your naughty info. I am surprised that that the EFF has not brought this up to protect our rights. Glad I am jailbroken with a wipe app, someone says hand over phone good luck! Damn government wanting to know what we do, who we call where we go what happened to HOME OF THE FREE.....

It's not illegal. It would be illegal for them to perform a warrantless seizure of your personal data, but with a warrant, they can basically look at whatever the hell they want, and use any measure to get it.

Saying they can use "any measure" is a bit overreaching don't you think? We do have CP laws that restrict the manner in which evidence can be obtained as well as prevent there admission in criminal trials.
God bless America.

Mike, you are spot on. Without a warrant these searches are IILEGAL and UNCONSTITUTIONAL, no matter what an ignorant judge in California says.
Liberty seems like a lost cause in this country these days.
And Simon, we need to erase this mentality of, "I don't care because I have nothing to hide." That misses the point entirely. Our rights and liberties were protected by the founding fathers because they understood something few people do today, that governments will always seek to expand their power over citizens unless they are actively prevented from doing so. I don't commit crimes, but it's a false premise to assume that I should therefore allow the government to watch my every move.

Of course, this kind of software is used exclusively by law enforcement agencies of various kinds around the world as far as we know
Fixed that for you. Forbes, among other outlets, have reported a thriving market for zero day exploits, though the seller quoted says that the biggest customer is the US, and that he personally limits his sales to Western governments. Even if this one seller so limits himself, that is not exactly reason to cheer.

The software would not be illegal in the US. 1 if the cops or government are cracking your phone it is probably because they are performing an investigation. Thus more than likely seizing all of your electronic devices . Also if all of your electronic devices that can store data are being seized its pretty much guaranteed that they have a warrant allowing them to do so.

"...it’s only really an issue if you’ve done something wrong, isn’t it?"
wow that will start a discussion! The problem is that doing something wrong keeps changing what if being religious (or atheist) becomes a crime? What if you happen to match the description of a criminal and are in the wrong area? I know those things are unlikely to happen but that is why we need to protect our liberties now before what we do or who we are becomes a crime.

“…it’s only really an issue if you’ve done something wrong, isn’t it?”
...or if(when) a blackhat get ahold of this or similar tools. Be real, if the expolit exists, anyone can use it.

"As scary as it might be that the cops can get access to it in a heartbeat, it’s only really an issue if you’ve done something wrong, isn’t it?"
Now this is a contradiction! What in case of a routine check and some police officer hacks my phone? Did I do something wrong?
Come on, you can't be serious.
Same as "I have nothing to hide". That's not the issue. I have my privacy. "I have nothing to hide" is something different from "why do they want to know everything?". Everyone has something to hide (that's why they wear clothes). Finally phone operators (in Holland) confirmed that they use DPI. It's a shame!

…it’s only really an issue if you’ve done something wrong, isn’t it?
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." -- Cardinal Richelieu, 17th century French statesman
More recently, the late great newspaper columnist, Mike Royko, would respond to this gambit back in the 1970s by immediately asking the questioner all sorts of personal questions. Where do you live? Where do you work? How much money do you make? How old are your kids, and where do they go to school? 100% of the time, the person would decline, and Royko would claim it was just for background checks for his story, and, if you haven't done anything wrong, you shouldn't have a problem with answering. 100% of the time, the person would hang up in a huff.
Because the correct answer is always get a warrant, or it's none of your damn business.

Yep, I HATE the line of thinking that if you're doing nothing wrong, you shouldn't worry about your personal privacy. That's a dangerous attitude to have. By that line of thinking police should be able to search your house any time they want without cause or warrant. Is that a world we want to live in?

A warrant has to be signed by a judge and will expllicitly state what is to be searched for. Ie: a warrant is written because it is suspected you are holding a stolen car on your property. Because a stolen car wouldn't be inside of a microwave, they do not have the right to search inside of the microwave. However most are written to allow search for info leading to clues. That means they can search your trash for clues as to where the car could be. Also, if they happen to find drugs, they may confiscate but not prosecute since it is unrelated to the search warrant. Good luck out there!

personal data, GPS locations, messages, and a log of keystrokes?
Why has iOS got a keylogger built in anyway?
Most PC antivirus software has keylogger detection to eradicate them so why are Apple allowed to build it in as part of the OS?

"…it’s only really an issue if you’ve done something wrong, isn’t it?"
Oh, man, are you folks naive. Ever heard of the Patriot Act?! And remember, the Obama administration is prosecuting whistleblowers at a greater rate than the Bush administration ever did! The National Security Agency's Thomas Drake is currently speaking out, for example, about how they're coming after him. Go to Democracy Now! for two interview with him.
Now I have to decide to get rid of my "Simple PIN" or take so much more time to get into my devices with a longer password. Dang!

This isn't the first suite to do this. There are others. I've seen one in action.
You do know that iOS takes a screenshot every time you press the home button, right? It's used for the "shrink" transition. These are all available in slack space. Even if you delete your messages, etc - examiners can see a lot through these images.

if you're jail broken and you change your root password, will this exploit still work? since this is based on a jailbreak they have to keep the system re-booting somehow so it doesn't timeout/wipe your device after a given amount of failed attempts. i wonder if they rely on the generic root password to do that, so for those that have changed it, this explot is completely useless. anyone care to start a discussion on this rather than on what cops will do with it?

Uh oh, all those enterprises switching to iPhone better take note! How many are getting worried they made the wrong security choice I wonder.

Maybe I should set my iPhone to wipe after three tries. "If you haven't done something wrong..." ? Sure. Right. Uh huh. Facebook uses that logic to invade your privacy. Employers are using that logic to invade your privacy by asking for your Facebook login info to snoop your personal Facebook account. That logic is flawed. Personal privacy is a RIGHT, not a privilege. I'm not surrendering that right under the logic that "If I haven't done something wrong", I should share my personal information. NO. Not going to happen.
Once felt secure with an iPhone versus Android. Not feeling nearly as secure now. Need to make my pass code overly complicated.

As scary as it might be that the cops can get access to it in a heartbeat, it’s only really an issue if you’ve done something wrong, isn’t it?
I love this primitive logic. Ok, so let's let the police access any time our internet anytime they want, or enter or homes any time they want. Forget about privacy? Is that what you're saying? Gee, Elmo, the police are all ethical, honest, and trustworthy individuals? They're not corruptable in any way, are they? They're genetic mutants and always do the right thing!?

Yes, liberty is going down the toilet. But, I'm fairly certain that the author was being facetious at the end of the article.