XRY Software Allows Law Enforcement To Crack Your Smartphone PIN In Minutes [Video]


We’ve told you guys countless times that using almost any type of password to secure your device is, in most cases, a very good idea (see Google Wallet debacle of 2012). Well, when it comes to using some methods — a PIN, specifically — to keep your device safe from prying eyes, it might not be as secure as you think. Mirco Systemation is a Swedish company who is providing the military and law enforcement with software that can crack your measly PIN code in just a few minutes. The software, dubbed XRY, uses what the kids call the “brute force method” so, more lengthy passcodes could take a little longer to crack. But hey, that may give you enough time to call your lawyer should you ever find yourself in a precarious situation.

The software doesn’t just stop as unlocking your device, once connected to a Windows machine, this guy will suck out all your emails, SMS messages, call-logs and even data from third-party apps. They even demonstrated their data siphoning software on video which, according to them, adheres to strict export control laws which limit exactly which governments they can sell their software to. Currently they offer services to around 60 countries.

The moral of the story? If you plan on continuing your pimp game (or not), Android’s trusty “pattern lock” has a pretty good track record of thwarting law enforcement’s attempts at gaining access to your phone. Keep that pimp hand strong, playa.

[Forbes | Via TheVerge]

Chris Chavez
I've been obsessed with consumer technology for about as long as I can remember, be it video games, photography, or mobile devices. If you can plug it in, I have to own it. Preparing for the day when Android finally becomes self-aware and I get to welcome our new robot overlords.

Snapdragon Powered Smartphone Travels Around The World In A Single Charge

Previous article

International Samsung Galaxy Note (Unlocked) Up For Sale Again For $550 [Deals]

Next article

You may also like


  1. This is why everyone needs to be able to remotely wipe their phones…

    1. What app do u recommend ?

      1. Got Ya! or Android Lost both can remote wipe. There’s plenty more security apps as well with the same functionality 

      2.  SeekDroid

    2.  Remote wipe won’t work if they throw it in a RF blocking room.

      How about data wipe if tampering/too many incorrect codes are entered ?

  2. What if the device is encrypted using ICS’ built in encryption? 

    1. thats what i use. it makes the boot time a little slower well worth it.

    2.  Problem solved

  3. Better secure with face detection to keep the pigs out!

    1. shame that face detection can be fooled by a photo of you.

      1. Not a chance!

        1.  I’m afraid its true, even for this die hard Android fan.

          1. well its going to change soon…sammy has tweaked face unlock to include blinking of the eye a must while unlocking, and have included a smile as optional. Hopefully this future will be integrated into android itself in the near future. :)

  4. htc vivid with face unlock that works with Gotya! so I get pictures emailed to me of the asshats trying to crack it then as a back up a pattern unlock that borders on autistic.
    Also one phone call can have it remotely wiped. (or you can put a snyde message up on the screen with no way to trace it back since someone would be logged into my htc sense account on my own computer hehe Thank you HTC sense (site is down better be good til april 30th)
    I hope some smarty has the gotya app and can snap pictures of the cops lol I can see that becoming a new meme….

  5. Wouldn’t you need usb debugging on for any of this to work? I’m inclined to call shenanigans.

  6. Atrix fingerprint scanner for the epic win!

    1. Mythbusters broke the finger print lock in 10 minutes

  7. This is an amazing calculator, I find it fascinating. It shows you how easy/hard it is to crack a given password.

    For example, a 4 digit numeric password has 11,110 possible combinations, which when you think about it, isn’t that hard at all. It’s no surprise this thing can crack a PIN in such a short time. However, add just one letter in there, and the combinations dramatically increase to 1,727,604. A six character alphanumeric password would require 2,238,976,116 guesses, which would take weeks to crack assuming a speedy 1,000 guesses per second.

    1. A 4-digit password has exactly 10,000 possible combinations – 0000 through 9999.  The 11,110 possible combinations you’re referring to allows for the possibility of passwords of 1, 2, 3 or 4 digits, but Android doesn’t allow less than 4 digits.

      I love the calculator though!

  8. Yeah, why not just encrypt your phone and all contents. Also require a different PIN to access each application – something like a long sentence but using the 2nd or 3rd letter from each word of the sentence as your password.

    1. Um…? I thought all they needed to do was get into the phone. They don’t need to go into the programs. So once they get into the phone, then they can go into the folders and copy all the content. They don’t need to open the apps to get all that information.

      I don’t need to open SMS to get my text messages. There’s an overly technical way to get them. LoL!!

  9. Ummm how does brute force work? Doesn’t Android lock you out or something after so many unlock failures?

    1. Yea it does for lyk 30 seconds.

  10. The pattern lock gets cracked at the end though? 

  11. I would love to see an app that could nuke a phone on demand.  Either by placing a widget on the homescreen, or cleverly disguised as a “dummy app”.

    I have a schedule set up through Titanium backup, to backup all my apps and their data in the middle of the night, then sync with Dropbox.

    If I was every being pulled over, or knew in advance to expect a run in with the law, I could quickly fire the nuke, which would then take over.  It would automate a reboot into recovery, flash a “Format All” script which would wipe the phone, and then, start writing random 1’s and 0’s over the partitions where my data would normally live, to avoid easy data recovery.

    For added fun, it would be cool to be able to specify a “nuke” nandroid backup.  So it would nuke your data by formatting, then automatically restore a nandroid backup of your choosing with “junk data” on it, so that to the unsuspecting eye it is just your regular phone  …with non-incriminating information on it of course.

    Remote nuking would be just as awesome too, but there’s got to be a way to initiate it directly from the phone in case you don’t have time to get to a computer to start the process.


  12. The video has been removed by the user!?  FYI – the end of the source article has a link to other videos from the same company.

  13.  Turn on Encryption on any ICS handset.

  14. How long until this shit winds up in the hands of a Gov’t like Syria or Iran?  I can see the entire Green Movement in Iran having their phones hacked with shit like this and summarily executed in a single night.

  15. Im not a bad guy so I’m not worried about law having my info
    Its if u were to get video or pictures of a bad cop then he takes your phone
    So set that stuff to auto upload and bust his ass!

  16. Here’s an easy solution.

    Short/cut the USB data lines on the phone side.

    Now no one, you included, can use the USB port on your phone as anything more than a charging port.  Install something like Airdroid to move files between phone & computer.  Apart from unlocking my Galaxy Nexus, I don’t think I’ve used the USB port for anything other than charging.

    Could someone repair this?  Sure, but not while you’re sitting on the side of the road at a traffic stop.  It’s not hard to repair, but it’s unlikely that they would ever suspect a hardware mod.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Video