Last week Forbes wrote an article about the Swedish company Micro Systemation, who is responsible for the software that the military, police departments and other government agencies are using in order to retrieve data from the phones of their suspects. The Micro Systemation software tool XRY claims that it can access an iPhone with a passcode within two minutes, they even demonstrated it in a video. According to Micro Systemation, XRY is exploiting vulnerabilities found in Apple’s mobile operating system iOS, in the same way that jailbreak hackers are working. However, jailbreak-hacker Chronic claims that Apple devices aren’t as vulnerable as the developers of XRY are making it look.
In a blog post on the Chronic website, he believes that XRY is simply using the very old boot-rom exploit limera1in, which originally was discovered by famous jailbreak hacker Geohot. This boot-rom exploit will also only work on A4-based devices; the latest Apple devices that are making use of the new A5 or A5X are no longer vulnerable to these exploits. This is also the reason why the iPhone 4S, iPad 2 and iPad 3 cannot be unlocked by XRY. Furthermore, he finds that it is only possible to crack passcodes within two minutes, if the suspects are using a simply code such as 0000. Chronic recommends users to replace the simply passcode of 4 digits with a password of numbers and letters. XRY will then no longer be capable to crack the device within 2 minutes.