Science Parties Just £125 for a 1-hr party! Interactive, fun and unforgettable

£120 code cracker that can unlock an iPhone in six hours: So hands up, FBI, why did it take you FOUR MONTHS to access jihadi's phone?

Device, called an IP Box, can be purchased openly on the internet

Mail on Sunday investigation showed it took just six hours to crack code

FBI entered battle with Apple to unlock phone of San Bernardino shooter

After two month stalemate, FBI announced it unlocked the phone last week

Tens of millions of bestselling smartphones can easily be hacked by criminals using a £120 device that cracks their four-digit passcode.

An investigation by The Mail on Sunday found the gadget, sold openly on the internet, could be used to gain access to private and confidential details stored on Apple iPhones, including photographs, emails, contact details and call histories.

Using the device – called an IP Box – this newspaper was able to break the passcode of an Apple iPhone 5C, the model that America’s Federal Bureau of Investigation had been fighting to access in order to gain information about a terrorist massacre.

The FBI entered a high-stakes legal battle with Apple over the handset belonging to Syed Farook, who died with his wife in a gun battle with police after the couple killed 14 people in December in San Bernardino, California.

Apple had refused to help investigators find the code to unlock the murderer’s phone, saying it feared it would set a legal precedent and allow law enforcement officials to probe the contents of millions of its phones in future investigations.

After a two-month stalemate, the FBI last week announced it had finally broken the four-digit code, finding the right sequence out of a possible 10,000 numeric combinations. But what took the FBI weeks can apparently be done in a matter of hours with devices like the IP Box, which launch a ‘brute force’ attack on the password by going through all the possible combinations until it finds the right one.

Normally, iPhones are disabled once five wrong attempts are entered but the IP Box is able to keep trying codes.

Other devices such as iPads and mini iPads are also susceptible to the attack.

The FBI entered a high-stakes legal battle with Apple over the handset belonging to Syed Farook (right), who died with his wife (left) in a gun battle with police after the couple killed 14 people in December in San Bernardino, California

This newspaper purchased an IP Box from the online store Fone Fun Shop, which has a retail premises in Sheffield. The device can also be bought on eBay.

Our device arrived the following day and we tested it by setting a random four-digit number as the passcode on an iPhone 5C.

We plugged the device in to the phone and watched as it tried codes starting from 0000 upward

FBI director James Comey asked Apple to create software to unlock Farook's phone but the company refused

After nearly six hours, the device cracked the code 3298 – and started beeping and lighting up the iPhone screen to signify a successful hack. With the code we were able to access all the data on the device, as well as change its passcode to one of our choosing. As each entry takes six seconds to input, an iPhone can be cracked within seconds ranging up to 17 hours.

iPhones run on computer programs called operating systems which are updated over time to increase security and make other features more efficient. While the phone tested by the MoS was the same model as the San Bernardino one, it was running an older operating system – iOS 7. The San Bernardino one was on iOS 9. That said, experts claim similar devices can also now hack this system. Company director of Fone Fun Shop Mark Strachan, 45, said: ‘We discovered the device via our Hong Kong office and were sceptical as to whether it would work but after testing we discovered it worked perfectly.

‘We already supply forensic tools to law enforcement within the UK and worldwide and decided to introduce it into our line of products. There are certain scenarios where this kind of technology is needed to help people for the right reasons, it’s not all bad.

It took just six hours for the IP Box to unlock the test iPhone in the Mail on Sunday's investigation

‘We have helped many families who had a family member die suddenly get sentimental photos off their locked device.

‘We have also helped many people get access to all their phone book contacts, especially people in business, who put everything in their iPhones such as suppliers and customer contact details that would be totally lost unless they cracked the passcode to their phone.’

Mr Strachan added that this month they will start selling a new device that can crack into the latest Apple iPhone software – the iOS 9 system that was on the San Bernardino phone. This means hundreds of millions of iPhones – even the ones with the latest software – could be vulnerable to attack.

He said: ‘It is the same technology the FBI got access to crack the passcode on the San Bernardino device.’

The IP Box is not illegal but if it were to be used to hack someone’s iPhone then it would be a crime under section 55 of the Data Protection Act 1998

Director of the Cyber Security Centre at The University of Warwick, Professor Tim Watson, said: ‘Phones are incredibly useful devices but the problem is there are thieves who are constantly seeking access to them. The answer is you should always make sure you have your phone updated to the latest piece of software.’ A spokesman for the FBI refused to comment but a source close to the US intelligence agency said: ‘The FBI is well aware of IP Boxes and have highly sophisticated versions of the product.’

An Apple spokesman refused to comment. The IP Box is not illegal but if it were to be used to hack someone’s iPhone then it would be a crime under section 55 of the Data Protection Act 1998.

 

New phone case could help terrorists

+6

The Vysk device clips to the phone and, with the flick of a switch, can be put into stealth mode

Terrorists could carry out a Paris or Brussels-style attack in Britain using a mobile phone case that can encrypt iPhone calls and texts, a security expert has warned.

The Vysk device clips to the phone and, with the flick of a switch, can be put into stealth mode to stop hackers from gaining access to its data. All calls and text messages are diverted via an encrypted server.

And its cover stops the camera and microphone from being hacked to gain remote access for eavesdropping. But Professor Anthony Glees, director of the University of Buckingham’s Centre for Security and Intelligence Studies, said terrorists could make use of the features to evade the security services – and bring terror to Britain’s streets.

He said: ‘I do not think there should be any form of communication that cannot be decrypted or intercepted.

‘The great success that Bletchley Park had in shortening the war relied on intercepting messages transmitted by wireless and cable.

‘Any device that cannot be used for intercept intelligence is a device in my book that we do not need.

‘By mining big data our people are able to prevent the sort of things in Britain which happened in Paris and Brussels. Anybody that claims to make something that means a terrorist attack is more likely to succeed will have a very heavy burden on their conscience.’

Vysk CEO Victor Cocchia said he has sold the device to major British accountants, banks and law firms.

He said: ‘These devices are intended for people who need to have private, sensitive conversations and cannot risk them being listened in on.

‘If we are told by any intelligence services that they suspect the device is being used by a terrorist then we have the ability to turn it off remotely.’

The device will be sold in Harrods and Selfridges for £825, which will include unlimited encrypted phone calls for a year.