Many phone and tablet passwords can be guessed outright. A mobile device gets lost or stolen and all the person recovering it has to do is try some basic number combinations such as 1234, 1212, or 0000. Soon, voilà! the system is unlocked.

Many phones and tablets running iOS, Android, and Blackberry OS are configured to wipe the device if the incorrect password is entered X number of times. A reasonable security control indeed. But what else can be done? Some commercial tools can be used to crack simple passwords/PINs and recover information from lost or stolen devices or devices undergoing a forensics investigation.

Elcomsoft’s iOS Forensic Toolkit provides a means for demonstrating just how easily passwords/PINs on iOS-based phones and tablets can be cracked. Here’s how:


Plug your iPhone/iPod/iPad into your test computer and place it into Device Firmware Upgrade (DFU) mode. Load the iOS Forensic Toolkit by inserting your USB license dongle into your test computer and running Tookit.cmd.

To enter DFU mode, simply power the device off, hold down the Home button (bottom center) and sleep button (upper corner) at the same time for 10 seconds, and continue holding down the Home button for another 10 seconds. The mobile device screen goes blank.


Load the iOS Forensic Toolkit Ramdisk onto the mobile device by selecting option 2 LOAD RAMDISK.

Loading the RAMDISK code allows your test computer to communicate with the mobile device and run the tools needed for cracking the password (among other things).


Select the iOS device that’s connected.

You now see the toolkit connect to the device and confirm a successful load. You should see the Elcomsoft logo in the middle of your mobile device’s screen as well.


To crack the devices password/PIN, simply select option 6 GET PASSCODE on the main menu.

iOS Forensic Toolkit will prompt you to save the passcode to a file. You can press Enter to accept the default of passcode.txt. The cracking process will commence and, with any luck, the passcode will be found and displayed.

So, having no password for phones and tablets is bad, and a 4-digit PIN such as this is not much better. User beware!


You can also use iOS Forensic Toolkit to copy files and even crack the keychains to uncover the password that protects the device’s backups in iTunes (option 5 GET KEYS).

If anything, you need to be thinking about how your business information, which undoubtedly is present on phones and tablets, is going to be handled in the event one of your employee’s devices is seized by law enforcement personnel. Sure, they’ll follow their chain-of-custody procedures, but overall, they’ll have very little incentive to ensure the information stays protected long-term.