Apple pulls app after dev publishes users' PINs
Too many folk use too-easy-to-guess passcodes
Is your phone PIN '1234'? If you're an iPhone owner, there's a good chance that it is. In fact, there's a good chance it's your PIN whatever handset you use.
iOS software developer Daniel Amitay, creator of an app called Big Brother Camera Security, added iPhone-style four-digit passcode access to his program. He was staggered to discover how many of them use codes that are easy to recall, but also very easy to guess.
Now, we'll overlook the moral implications of a developer covertly recording users' passcodes, even anonymously. Suffice it to say, Amitay has now had his nosy app yanked from the App Store. Amity says the iTunes EULA is on his side, but that's another story.
Amitay reasoned that punters will generally use the same code for his app as they will for their iPhone's main PIN lock - he says because the UIs are identical, but we'd suggest that the fundamental laziness of folk is also to blame - so he posted the most popular BBCS PINs.
But what about those codes? Right after '1234' comes '0000', followed by '2580', '1111' and '5555'.
At sixth place is '5683' - an odd number until you realise it can be entered by tapping out the word 'love' on a mobile phone keypad.
Next comes '0852' - a vertical line upwards - '2222', '1212' and '1998'.
That last number is interesting: Amitay also found that years, from the 1990s and 2000s in particular, make very commonly used PINs.
Before some of you get all smug and suggest that Android users would never make such an elementary error of security, we're prepared to bet that they - and users of other phone operating systems too, from smartphones down to basic voice-centric units - will.
And, indeed, any other gadget or object - we're thinking credit and cash cards - that involve the use of a four-digit PIN.
At least we now have a list of numbers we know to avoid. Anyone who still uses '1234' after today really has no excuse. ®
COMMENTS
Nah
"Amitay reasoned that punters will generally use the same code for his app as they will for their iPhone's main PIN lock"
Amitay reasoned wrongly. I can only speak from a sample of one, but when some two-bit phone app asks me for a PIN, I will almost certainly use something trivially memorable like 1234 precisely to avoid given my main security PIN away to a third party.
Security levels of passwords and PINs isprecisely related to the importance of the application, and I think most people probably think the same.
GJC
That MIGHT be
a completely randomly generated number. But the odds are about 984 to 1 against.
pin stupidity
My bank won';t let me choose e.g. 4664 as a pin because it's 'not random enough'.
My card got nicked, so I ordered a new one, this comes with a bank-chosen pin to start off. good idea, the old one might be compromised.
New one came set to 7777
Shrug
Personally i only use the pin code on my phone to prevent pocket-dialing and the like. I am sure any hacker who wanted in to my phone and had stolen it could do so.
Perhaps others do the same?
Don't use one of those codes though.
Same Pin?
We are assuming that users are using the same pin for the app that they use to unlock the phone. If I was installing a 3rd party app and it wanted a PIN I would NOT use my phone pin number (or bank pin number) but would make another one up. There is a good chance the I'd use 1234, if I was just trying the app out, or didn't consider the security that important.
I feel the logic in this article is flawed.
