After the launch of a relatively cheap iPhone passcode cracker called GreyKey from the company called GreyShift, police departments have made a beeline to acquire it. The device can unlock an iPhone by bruteforcing the passkey. And the unlocking times vary usually from a few minutes to a couple of days. And this is where the complexity and the length of the passcode on the iPhone comes into play.
With Apple making disk encryption default on iPhones since September 2014, a third person could never access the data on the phones unless it was unlocked. But with the tussle between Apple and the FBI over the San Bernadino case, where the company refused to have the iPhones of the accused opened. This prompted the intelligence agency to have the phones unlocked by an Israeli security company.
Apple has introduced some measures to make sure that the iPhones can’t just be unlocked by using bruteforce. To begin with, all iPhone passcodes need to be at least 6 digits and an interval was introduced after certain number of futile tries. This time gap keeps increasing to stall the process. There is even an option that cleans the drives after 10 incorrect tries.
Here’s a chart of the delay time after a number of passcode try
But from the capabilities that GreyKey is promoting, it can be assumed that the device can bypass the incorrect tries barrier.
And that brings us to the the heart of the matter which is that six digit passcodes take very little time to crack for the GreyKey. And here’s what Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, thinks is a viable timeline of the working speed of the device.
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
This indicates that a 10 digit random passcode would take approximately 25 years to crack at most and a minimum of 12 years on GreyKey. Hence it would help to have a longer passcode than just a six-digit one, preferably with alphanumeric and symbols. So in case you don’t have a complex passcode yet, think about getting one from the settings of the phone.