XRY’s two-minute iPhone passcode exploit debunked

Late last month, we reported Swedish security firm Micro Systemation claimed its “XRY” application was capable of cracking an iOS device’s passcode, logging keystrokes, and accessing data like GPS, call logs, contacts, and messages. The video showing the app in action is now removed, but the firm’s claims are coming under scrutiny by at least one fellow hacker. Will Strafach, better known in the jailbreaking community as “@chronic,” just posted his summary of what is really happening with the software to clarify the issue.

While explaining XRY does not use exploits similar to jailbreak programs, as claimed by many covering the story, Strafach clarified the tool is “simply loading a custom ramdisk by utilizing the publicly available ‘limera1n’ exploit by George Hotz. The ramdisk is not even very special, because anyone could put together their own using open source tools.” He continued by explaining the “two-minute” claim of Micro Systemation is only true if a passcode is “0000.” The time increases when a more complex passcode is set.

Chronic also noted XRY cannot be used on iPhone 4S, iPad 2, and third-gen iPads, something most publications are not reporting. Here is his explanation:

 

Read more

iPhone reverse-engineer/hacker/rapper Geohot arrested for marijuana possession on way to SXSW talk

According to Above the Law, the original iPhone jailbreaker, Geohot, was arrested for felony possession of marijuana while at an international border crossing on his way to SXSW. According to the report, the arresting border patrol officers may have been outside of their jurisdiction (and likely measured improperly).

Before you rush to judge the guy, remember Steve Jobs’ thoughts on mind-altering substances (and phone hacking). If you have jailbroken using any of the “xxxRain” jailbreaking tools, you have used Geohot’s work. He also recently worked at both Google and Facebook (and Lady Gaga’s BackPlane).

He was still able to give his talk at SXSW, which is a pretty interesting (mp3). The full description is below:

Read more

Famous jailbreaker Geohot joins Facebook team

TechUnwrapped is reporting that famous jailbreaker George Hotz, known as Geohot, is now working at Facebook. You may know Geohot for getting in a lawsuit by Sony for his Playstation hack and his jailbreaking tools like purplera1n, blackra1n, and limera1n. In recent months Geohot has been off the map after the Sony ordeal, but it appears now he is back (unfortunately not as a rapper).

Techmeme’s Gabe Rivera did some digging on Geohot’s Facebook to confirm TechUnwrapped’s story. It appears Geohot joined Facebook as a Software engineer in May, but he announced the news June 17th. June 22nd he said, “is Facebook is really an amazing place to work…first hackathon over.” What do you think he is doing as a Software Engineer? Perhaps he’s working on the secret Project Trojan…er Spartan. Read more