Users are encouraged to set a PIN code to lock mobile devices, securing their data in case a device is lost or stolen. However, users aren’t picking hard-to-guess combinations, according to a recent analysis of iPhone passcodes.
The ten most common passcodes used by iPhone users accounted for 15 percent of all the passwords analyzed, Daniel Amitay, the developer behind the iPhone app Big Brother Camera Security, said on his Website June 13. The most common values were: 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212 and 1998.
Amitay’s Big Brother Camera Security app for the iPhone 4 automatically takes a picture of anyone using the iPhone 4 using the front-mounted camera. The idea is to let users see who might be using the smartphone without permission. In the latest update, Amitay added code to collect information about the passcodes users were selecting to protect the camera app.
“Formulaic passwords are never a good idea,” Amitay said, but his analysis found that most users selected easy-to-guess codes.
Out of the 204,508 codes the app sent back anonymously to Amitay, ‘1234’ was the most commonly used, chosen by 4.3 percent of users. The second most common code was ‘0000’, picked by 2.6 percent of the users. Amitay believed that since the passcode setup screen and lock screens on Big Brother Camera Security were “nearly identical” to the actual iPhone passcode screen, there was a high correlation between the two.
“I can think of strong arguments why some people would choose different passcodes for an app than the one they use to lock their smartphone, but my hunch is that many people don't bother,” wrote Graham Cluley, senior technology consultant at Sophos, on the NakedSecurity blog.
People choosing "1234", "0000" and "1111" as their passcode, “are doing the equivalent of locking up their cars with a piece of thin string,” wrote Cluley. "0852" and "2580" aren't that much better as the code is just going up and down the keypad.
All in all, 14.4 percent of passcodes were one of the ten most common codes, Amitay found. The top four codes represented 10.8 percent of the codes collected.
“With a 15 percent success rate, about 1 in 7 iPhones would easily unlock,” Amitay said.
If the user enables the PIN codes, the phone will be wiped clean after ten wrong attempts. Theoretically, there are 10,000 possible four-digit code combinations, so that means the thief usually has a 0.1 percent chance of guessing the correct code in ten tries. If the user picks one of the common ten, or uses a birth year or other easy-to-guess values, the likelihood of guessing the correct code becomes higher.
Years between 1990 and 2000 were all in the top 50, and 1980 to 1989 were in the top 100 passcodes. Amitay speculated the years corresponded to either the year of birth or graduation.
The code ‘5683’ spells out the word ‘love,’ Amitay noted.
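The weak-code classes the analysis describes can be screened for when a user sets a passcode. The following is an added example, not code from the article or from Amitay's app; the function name and reason labels are assumptions, and the top-ten list and year range are the ones reported above.

```python
"""Screen a four-digit passcode against the weak classes the article reports."""

# Ten most common codes as listed in the article.
TOP_TEN = {"1234", "0000", "2580", "1111", "5555",
           "5683", "0852", "2222", "1212", "1998"}

# Standard phone keypad layout: digit -> (row, column).
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2),
          "4": (1, 0), "5": (1, 1), "6": (1, 2),
          "7": (2, 0), "8": (2, 1), "9": (2, 2),
          "0": (3, 1)}


def weakness_reasons(code):
    """Return the reasons a code is easy to guess (empty list if none apply)."""
    if len(code) != 4 or not code.isdigit():
        raise ValueError("expected exactly four digits")
    reasons = []
    if code in TOP_TEN:
        reasons.append("top-ten")
    if len(set(code)) == 1:
        reasons.append("repeated-digit")
    elif code[:2] == code[2:]:
        reasons.append("repeated-pair")
    # Ascending or descending run such as 1234 or 4321.
    digits = [int(c) for c in code]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):
        reasons.append("sequential")
    # Straight walk on the keypad: the same non-zero (row, column) step on
    # every press. On this layout only the centre column is long enough,
    # which is the up-and-down pattern the article mentions (2580, 0852).
    moves = {(KEYPAD[b][0] - KEYPAD[a][0], KEYPAD[b][1] - KEYPAD[a][1])
             for a, b in zip(code, code[1:])}
    if len(moves) == 1 and moves != {(0, 0)}:
        reasons.append("keypad-line")
    # Years the article reports in the top 50 and top 100.
    if 1980 <= int(code) <= 2000:
        reasons.append("year")
    return reasons
```

A passcode setup screen could refuse any code for which this returns a non-empty list and show the reason to the user.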
To be really secure, users should turn off the simple four-digit code and use a real password since it can be longer than 4 numbers, Cluley said. Users need to toggle off “Simple Passcode” under Settings/General/Passcode Lock. With Simple Passcode disabled, users can choose a longer and more complex password which would do a better job of securing the smartphone, Cluley said.
There’s another reason to switch to a real password. Russian security firm ElcomSoft claimed it had figured out a way to crack the simple passcodes to obtain encryption keys to unlock the data stored on the smartphone.
As of June 14, Apple had removed the app from the App Store for privacy concerns because the app was phoning data home. Amitay pointed out that all he was getting was just the numbers, with no identifying information and the app wasn’t collecting the actual phone’s PIN code.
Post Source: http://www.eweek.com/