XRY’s Passcode Bypass Not All It’s Cracked Up To Be

Software isn't quite as foolproof as it appeared at first.

Last week we brought you news about a remarkable piece of software called XRY. This forensics software allows government and law enforcement officials to retrieve data off of a variety of smartphones, including iOS and Android devices. What’s more, the video Micro Systemation (the company that makes XRY) posted about the most recent update shows the software getting data from a passcode-locked iPhone in under two minutes.XRY’s Passcode Bypass Not All It’s Cracked Up To Be
The software got a lot of attention from the media when the video became known. Apparently, though, it seems that at least some of the hype was overblown. Though XRY does allow access to smartphones, it is not as all-powerful as many thought it to be. Noted iOS Jailbreak developerchronic (Will Strafech) published a post to his blog debunking certain parts of the video.
XRY’s Passcode Bypass Not All It’s Cracked Up To BeStrafech complains about misinformation he sees in discussions of the issue. He starts off with the claim that XRY works by using jailbreak exploits to access the iPhone. He says that XRY (and software like it) uses limera1n, a publicly available exploit developed by George Hotz, to load a custom ramdisk. It’s a fairly process, he says, and Micro Systemation’s accomplishment is not in creating a tool that exploits it, but in creating “a tool that is simple enough to be utilized by [law enforcement] personnel.”
What’s more, Strafech says, the exploit that XRY relies on does not apply to the most recent generation of iOS devices. The iPhone 4S, iPad 2, and new iPad are all immune to limera1n. As such, they are also immune to XRY and any other software that relies on limera1n to access the devices.
Finally, he says that the two minutes it takes the software to get into the phone in the demo video is optimistic. In fact, he says, the only reason XRY is able to get into the software in two minutes in the video is because the iPhone’s passcode has been set to 0000. A more complex passcode would be harder to break. And if you have your iPhone set to use a longer passcode (a feature introduced with iOS 5 and the iPhone 4S) it could take “much longer” for software like XRY to get into your phone.
All told, then, it looks like XRY might not be all it’s cracked up to be (pardon the pun). Nevertheless, software like this is something to be aware of. Just like the jailbreak community, it’s a safe bet that companies like Micro Systemation are continuing to work on exploits that will get them into newer devices like the iPhone 4S, too.