If you thought using a longer 6-digit passcode is enough to keep intruders out of your iPhone, then now is the time for a reality check. While a few years ago 6-digit passcodes were considered safe, now hackers and law enforcement agencies armed with hacking tools can crack the passcode and gain full access to an iPhone in 11.6 hours on average, with worse cracking time being about 22 hours for a 6-digit passcode.
This can be achieved with a $15,000 device called GrayKey by GrayShift. This relatively cheap device is now being purchased by police all over the US and possibly elsewhere.
GrayKey just like other similar tools uses the brute-force technique to essentially guess user’s passcode by trying out different combinations on it. iOS is capable of stoping brute-force attacks by limiting number of passcodes entries to 4, after which it asks the user to wait for a minute before trying another time, and increases the wait time after each failed attempt. However it looks like tools such as GrayKey have found ways to circumvent this restriction.
John Hopkins assistant professor and cryptographer Mathew Green gives us an idea about how much time it takes to crack passcodes of different lengths.
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
As noted in Green’s tweet a 4 digit passcode can be guessed in 6-13 minutes while it takes only 11 to 22 hours to guess a 6 digit passcode. Things are better when it comes to 8 digit passcodes that can take from 46 to 92.5 days to guess. Currently you can make your iPhone significantly secure by using a 10 digit passcode that can take from 4629 to 9259 days to crack.
If you are someone who is worried about his or her iPhone getting into wrong hands and want to protect data stored in it, then you should start using the alphanumeric passcodes on your iPhone. These passcodes are like your normal passwords and consist of alphabets and letters, making them considerably hard to crack. Here’s how to set an alphanumeric passcode on your iPhone.