Code Breaking
© Minyanville

Hack be nimble!

No matter how many times they're warned, far too many folks refuse to adopt complicated passwords. Seemingly on a monthly basis, studies find that "Password" and "ABC123" continue to top the list of most commonly used passwords and, in turn, the most commonly hacked passwords. And if you're the type of user who spreads the same password across email, social media, banking, and commerce sites, you've pretty much opened your entire identity to anyone with an internet connection.

Even iPhone users have taken the easy route when choosing a four-digit passcode to unlock their device. According to a study from last June, "1234" is by far the most common iPhone passcode around. (Cue the appropriate Spaceballs quote now.)

And for Android users, gaining full access to a Droid could be as easy as holding the screen up to the light to reveal a smudge pattern.

But those who've adopted unique and complicated, yet memorable, passwords are still not immune from security breaches. As scary as it sounds, one needs only physical access to your mobile device -- be it a password-protected iPhone, Android, Windows Phone, or BlackBerry -- to gain total control of your phone and the files within. As Swedish security firm Micro Systemation shows in a video, a lightweight program and a USB cable are all anyone needs to access your information.

And that technique is not only being used by ne'er-do-well hackers. It's being used by police and military worldwide.

Micro Systemation marketing director Mike Dickinson told Forbes, "It's a massive boom industry, the growth in evidence from mobile phones." He added, "After twenty years or so, people understand they shouldn't do naughty things on their personal computers, but they still don't understand that about phones. From an evidential point of view, it's of tremendous value."

"If they've done something wrong," Dickinson tactfully added.

His firm supplies phone-cracking products to roughly 98% of the British police force and to the US military and FBI. "When people aren't wearing uniforms, looking at mobile phones to identify people is quite helpful," he said.

Scared yet?

But just how fast and easy is the process? As Dickinson shows in the video, using a program called XRY, the entire process takes about two minutes.


Of course, this raises quite a few legal ramifications, as Electronic Frontier Foundation attorney Hanni Fakhoury told Forbes.

"If police have a warrant to be in the phone, this is just a way to get access to what they're legally allowed to," Fakhoury said. "But if they're going to a protest and seizing folks for booking, and immediately running this on their phones and sucking everything out, we've got a real problem."

So what can we do? How do iPhone and Android users protect themselves from such an easy hack -- especially in situations where the device may have been confiscated without a proper warrant?

Dickinson admits the XRY program does take longer on more complex passwords. "The more complex the password, the longer and harder it's going to be to access the phone," he said. Fortunately for iPhone and Android users, a lock screen using alphanumeric passwords can be set up. It may be a longer and more cumbersome process when constantly switching on your device from sleep mode, but it makes it that much more difficult for anyone else to gain access to your phone. As Dickinson said, "In some cases, it takes so long to brute force that it's not worth doing it."

If keeping your privacy intact is important to you, switching to an alphanumeric password is definitely worth doing.