US immigration agents will have access to one of the world’s most sophisticated hacking tools after a decision by the Trump administration to move ahead with a contract with Paragon Solutions, a company founded in Israel which makes spyware that can be used to hack into any mobile phone – including encrypted applications.
The Department of Homeland Security first entered into a contract with Paragon, now owned by a US firm, in late 2024, under the Biden administration. But the $2m contract was put on hold pending a compliance review to make sure it adhered to an executive order that restricts the US government’s use of spyware, Wired reported at the time.
That pause has now been lifted, according to public procurement documents, which list US Immigration and Customs Enforcement (Ice) as the contracting agency.
That’s for breaking a bcrypt hash, and I don’t believe there’s any way to extract the pin hash from a phone since it happens inside a secure hardware layer (like a TPM). If it is possible, the attacker would most likely have to physically destroy your phone to get at it. To bruteforce a 4 digit pin with retry lockout timers, it takes 16 hours to try all combinations, according to a tool I found that auto-enters pins via usb keyboard emulation.
What lockouts? https://appleinsider.com/articles/21/06/22/iphone-hacking-tool-graykey-techniques-outlined-in-leaked-instructions
The linked article doesn’t mention whether it can bypass the max attempt lockout or not. I’m not saying you’re wrong, but the article you linked does nothing to support your claim.
That said, an alphanumeric password is certainly more secure than a PIN, no doubt.