Feeds

Apple pulls app after dev publishes users' PINs

Too many folk use too-easy-to-guess passcodes

  • alert
  • submit to reddit

High performance access to file storage

Is your phone PIN '1234'? If you're an iPhone owner, there's a good chance that it is. In fact, there's a good chance it's your PIN whatever handset you use.

iOS software developer Daniel Amitay, creator of an app called Big Brother Camera Security, added iPhone-style four-digit passcode access to his program. He was staggered to discover how many of them use codes that are easy to recall, but also very easy to guess.

Now, we'll overlook the moral implications of a developer covertly recording users' passcodes, even anonymously. Suffice it to say, Amitay has now had his nosy app yanked from the App Store. Amity says the iTunes EULA is on his side, but that's another story.

Amitay reasoned that punters will generally use the same code for his app as they will for their iPhone's main PIN lock - he says because the UIs are identical, but we'd suggest that the fundamental laziness of folk is also to blame - so he posted the most popular BBCS PINs.

Common iPhone PINs

But what about those codes? Right after '1234' comes '0000', followed by '2580', '1111' and '5555'.

At sixth place is '5683' - an odd number until you realise it can be entered by tapping out the word 'love' on a mobile phone keypad.

Next comes '0852' - a vertical line upwards - '2222', '1212' and '1998'.

That last number is interesting: Amitay also found that years, from the 1990s and 2000s in particular, make very commonly used PINs.

Before some of you get all smug and suggest that Android users would never make such an elementary error of security, we're prepared to bet that they - and users of other phone operating systems too, from smartphones down to basic voice-centric units - will.

And, indeed, any other gadget or object - we're thinking credit and cash cards - that involve the use of a four-digit PIN.

At least we now have a list of numbers we know to avoid. Anyone who still uses '1234' after today really has no excuse. ®

High performance access to file storage

More from The Register

next story
Report: Apple seeking to raise iPhone 6 price by a HUNDRED BUCKS
'Well, that 5c experiment didn't go so well – let's try the other direction'
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Nvidia gamers hit trifecta with driver, optimizer, and mobile upgrades
Li'l Shield moves up to Android 4.4.2 KitKat, GameStream comes to notebooks
AMD unveils Godzilla's graphics card – 'the world's fastest, period'
The Radeon R9 295X2: Water-cooled, 5,632 stream processors, 11.5TFLOPS
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
NORKS' own smartmobe pegged as Chinese landfill Android
Fake kit in the hermit kingdom? That's just Kim Jong-un-believable!
Gimme a high S5: Samsung Galaxy S5 puts substance over style
Biometrics and kid-friendly mode in back-to-basics blockbuster
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.