No matter how many times they're warned, far too many folks refuse to adopt complicated passwords. Seemingly on a monthly basis, studies find that "Password" and "ABC123" continue to top the list of most commonly used passwords and, in turn, the most commonly hacked passwords. And if you're the type of user who spreads the same password across email, social media, banking, and commerce sites, you've pretty much opened your entire identity to anyone with an internet connection.
Even iPhone users have taken the easy route when choosing a four-digit passcode to unlock their device. According to a study from last June, "1234" is by far the most common iPhone passcode around. (Cue the appropriate Spaceballs quote now.)
And for Android users, gaining full access to a Droid could be as easy as holding the screen up to the light to reveal a smudge pattern.
But those who've adopted unique and complicated, yet memorable, passwords are still not immune from security breaches. As scary as it sounds, one needs only physical access to your mobile device -- be it a password-protected iPhone, Android, Windows Phone, or BlackBerry -- to gain total control of your phone and the files within. As Swedish security firm Micro Systemation shows in a video, a lightweight program and a USB cable are all anyone needs to access your information.
And that technique is not only being used by ne'er-do-well hackers. It's being used by police and military worldwide.
Micro Systemation marketing director Mike Dickinson told Forbes, "It's a massive boom industry, the growth in evidence from mobile phones." He added, "After twenty years or so, people understand they shouldn't do naughty things on their personal computers, but they still don't understand that about phones. From an evidential point of view, it's of tremendous value."
"If they've done something wrong," Dickinson tactfully added.
His firm supplies phone cracking products to roughly 98% of the British police force and to the US military and FBI. "When people aren't wearing uniforms, looking at mobile phones to identify people is quite helpful," he said.
Scared yet?
But just how fast and easy is the process? As Dickinson shows in the video, using a program called XRY, the entire process takes about two minutes.
Of course, this raises quite a few legal questions, as Electronic Frontier Foundation attorney Hanni Fakhoury told Forbes.
"If police have a warrant to be in the phone, this is just a way to get access to what they're legally allowed to," Fakhoury said. "But if they're going to a protest and seizing folks for booking, and immediately running this on their phones and sucking everything out, we've got a real problem."
So what can we do? How do iPhone and Android users protect themselves from such an easy hack -- especially in situations where the device may have been confiscated without a proper warrant?
Dickinson admits the XRY program does take longer on more complex passwords. "The more complex the password, the longer and harder it's going to be to access the phone," he said. Fortunately for iPhone and Android users, a lock screen using alphanumeric passwords can be set up. It may be a longer and more cumbersome process when constantly switching on your device from sleep mode, but it makes it that much more difficult for anyone else to gain access to your phone. As Dickinson said, "In some cases, it takes so long to brute force that it's not worth doing it."
If keeping your privacy intact is important to you, switching to an alphanumeric password is definitely worth doing.
Reader Comments
Boom industry: Invading Your Privacy - and YOU ARE paying for YOU to be spied on!
Micro Systemation marketing director Mike Dickinson told Forbes, "It's a massive boom industry, the growth in evidence from mobile phones." (sic)* Adding, "After twenty years or so, people understand they shouldn't do naughty things ON their personal computers, but they still don't understand that about phones. From an evidential (sic- he meant “evidentiary”) point of view, it's of tremendous value."
What a pompous Ass! A wanna-be PTB.
"It's a massive boom industry, the growth in evidence from mobile phones." (His primary clients? Governments illegally spying on their own citizens. Corporations illegally spying on US citizens because some executive branch person sez: “Gimme” and don’t ask why, or else!) Who pays for this spying? We do! With our taxes!
For just one example, see the case against Qwest’s CEO, Joseph Nacchio, which was the ONLY mobile company to refuse “our” government’s OBVIOUSLY ILLEGAL demand to be allowed to intercept ALL data and phone calls, domestic and foreign, beginning in 2001.... When? February, 2001! You see, Qwest rightly concluded that the warrantless demand violated numerous privacy laws and said, “the law says you need to give us a warrant. Please just show us that, for the law says I can’t give it to you without one.” They (the feds’ flunkies) said, “You better comply OR ELSE!” They then found something to prosecute him for (see book “Three Felonies a Day.”) and threw his ass in prison and the next president of that company said “Here’s the data, Massah Fed-Man, Shur nuf. Massah!” (Nacchio apparently thought we were still a “nation of laws; not men.” HAH!) For a summary, see this: [Link]
And then, Micro-Dick-Head Mikenson, (or such) has the evil audacity to say “After twenty years or so, people understand they shouldn't do naughty things ON their personal computers.” ( Like what? As defined by whom? Him? The pope? A top secret presidential decree?) If someone had a fetish for masturbating to videos of some evil old politicians’ ugly hag wife on C-SPAN, would that count? Or would that only count if there were spots ON the monitor or if the keys ON the keyboard were left sticky? (Please pardon "dripping" sarcasm.)
These companies, Halliburntus, Black-Sh*t-water, Micro (dick) Systemation, et al., ad nauseam, are the LEECHES which are part and parcel of the BLEEDING DRY of both the life of America and her/our freedoms by the PTB and their flunkie politicos and cronies.
R.C.
*Sic: Incomplete sentence by writer. Apparently he meant, "mobile phones," adding, "...".
R.C.
"This video has been removed by the user."
Why would someone voluntarily choose to remove his own video?
Reword that: Would someone voluntarily choose to remove his own video?