Small $500 device shown to brute force hack iPhone 7 lock screen passcodes, but could take...

2»

Comments

  • Reply 21 of 39
    a alphanumeric passcode has no bearing it the number of possible codes. The input screen is only a numeric keypad such that the #2 is the same as A,B, C i.e. "2222" is the same as "aaaa". So there are only 10,000 combinations if using six digits.
  • Reply 22 of 39
    As others have said, ever since TouchID there's no reason to not have a complex passcode for those concerned about security. I use a 9 digit alphanumeric passcode.
    Soliwatto_cobra
  • Reply 23 of 39
    SoliSoli Posts: 9,276member
    mretondo said:
    a alphanumeric passcode has no bearing it the number of possible codes. The input screen is only a numeric keypad such that the #2 is the same as A,B, C i.e. "2222" is the same as "aaaa". So there are only 10,000 combinations if using six digits.

    danhwatto_cobra
  • Reply 24 of 39
    foggyhillfoggyhill Posts: 4,767member
    So, I guess they;ll take a million years to do mine... I am .. worried.... Not really.
    watto_cobra
  • Reply 25 of 39
    nhtnht Posts: 4,496member

    Edit: I guess I didn't grasp Soli's point of view adequately in this thread. People should not be hypocrites when similar issues are found out in other platforms (read Android). When that happens constantly, the standard expected from Apple has to be higher OR people should stop being hypocrites.

    There's a difference between vulnerabilities that require physical access to a device and vulnerabilities that involve the user simply downloading something off the official app store.  There is a level of false equivalence here.

    Security isn't always IF something can happen but HOW LONG will it take to happen.  
    randominternetpersonwatto_cobra
  • Reply 26 of 39
    Soli said:
    Adopt wireless charging and get rid of all ports, and then make the device be able to somehow detect when someone is cracking open the case and automatically wipe all data. Not that this eliminates all hacking, but puts a stop to a lot of it. 
    Wireless charging likely isn't happening for a long time. Inductive charging as an option looks possible this year, but the Lightning port with USB 3.x speeds and fast charging will likely be around for a very long time.
    Inductive is what I meant. It's essentially wireless though relative to what's common use now. Either way there's no charging port, but thanks/no thanks for the "technical" answer. 
  • Reply 27 of 39
    mike1 said:
    Adopt wireless charging and get rid of all ports, and then make the device be able to somehow detect when someone is cracking open the case and automatically wipe all data. Not that this eliminates all hacking, but puts a stop to a lot of it. 
    Wireless charging should never be the only option. Many people need or want to use the device while it is charging.
    Just like many people need the 3.5mm headphone jack? This doesn't really hold water as long as charging becomes more efficient and faster. If you can essentially charge your phone in a few minutes, then why would you need to charge it while you use it? And if literal wireless charging becomes a thing then you will still be able to use a device while charging. 

    This is a hypothetical post, obviously, but you nerds really have no freaking imagination. What is it about holding on to legacy technology that you have to complain about every idea that wants to replace it?
  • Reply 28 of 39
    vmarksvmarks Posts: 724editor
    This is a vulnerability, but it doesn't address iCloud and Find my iPhone.

    If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****. 

    This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device. 
    Soli
  • Reply 29 of 39
    SoliSoli Posts: 9,276member
    vmarks said:
    This is a vulnerability, but it doesn't address iCloud and Find my iPhone.

    If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****. 

    This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device. 
    I wonder if you have 2FA enabled that you can get an iCloud password reset code to that iDevice which could then reset the password which would allow you to disable Find My iPhone and Activation Lock.
  • Reply 30 of 39
    nhtnht Posts: 4,496member
    vmarks said:
    This is a vulnerability, but it doesn't address iCloud and Find my iPhone.

    If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****. 

    This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device. 
    Not really.  My personal financial app and password helper app sits behind another password or touchid.  Corporate stuff behind Good.
  • Reply 31 of 39
    SoliSoli Posts: 9,276member
  • Reply 32 of 39
    lkrupp said:
    I use a 7 digit passcode. I wonder how long that would take to hack over a 4 digit passcode?
    Try this out:  https://www.grc.com/haystack.htm

    It uses a much faster rate, but should give you an idea of how long brute forcing can take.  With passwords, length is king.  It can be helpful to have a bigger alphabet (lowers,uppers,punctuation,other special chars), but in the end, each new position you add to your passwords increases the haystack at an exponential rate.
    watto_cobra
  • Reply 33 of 39
    Hmmmm, I have a feeling that this is already caused by the pressure in apple to have back doors in its OS.
    It seems to happen in the latest ios... the government simply silently rolled back the charges against apple to force them to have a backdoor...hmmm coincidence?

    hmmm... even though apple is publicly against it, it could be that the risk was to high and they ended up silently agreeing in providing a backdoor on a tactical way to minimize unwanted impact on the shareholders...

    Of course.. they'll come and say no no... but if there would be such agreement, we would never know...Maybe they'll have different ones in every os version and if one of them gets discovered (like this one) they simply fix it and open another one...
  • Reply 34 of 39
    SoliSoli Posts: 9,276member
    Hmmmm, I have a feeling that this is already caused by the pressure in apple to have back doors in its OS.
    It seems to happen in the latest ios... the government simply silently rolled back the charges against apple to force them to have a backdoor...hmmm coincidence?

    hmmm... even though apple is publicly against it, it could be that the risk was to high and they ended up silently agreeing in providing a backdoor on a tactical way to minimize unwanted impact on the shareholders...

    Of course.. they'll come and say no no... but if there would be such agreement, we would never know...Maybe they'll have different ones in every os version and if one of them gets discovered (like this one) they simply fix it and open another one…
    That's some stupid shit. This isn't a backdoor and this isn't by Apple. It's also resolved with the iOS 11 beta that came out before this story posted.
  • Reply 35 of 39
    robjnrobjn Posts: 236member
    According to an investigation by MacRumors this technique only works during a short window of about ten minutes directly after the passcode has been changed.

    So if you changed your passcode more than ten minutes ago your safe.

    also Apple fixed the bug with iOS 11
    watto_cobra
  • Reply 36 of 39
    sog35 said:
    Easy fix:  if you loss  your phone then use Find My iPhone and wipe it clear
    The Find My iPhone lock is bypassed by the thieves who turn off the victim's iPhones as they are stealing them --while powered off, they eject the SIM card and turn it back on in an environment without any WiFi around or leave the SIM card in and power the phone up inside of an all metal room (so the Find My iPhone server can't get through to it).

    vmarks said:
    This is a vulnerability, but it doesn't address iCloud and Find my iPhone.

    If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****. 

    This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device. 

    There are apparently tools and services that can bypass the iCloud Activation Lock using the carrier provisioning systems and separately, there are carriers in other countries that don't honor the stolen-IMEI databases that would be the final line of defense after iCloud Activation Lock has fallen.

    Plus, they can sell the devices for their screens and cameras to "repair" shops, with profits limited only by how many they can steal per day (anywhere there are crowds) and if your device has say a Verizon SIM (which is not locked to the IMEI), then the thieves can use it in other devices to make phone calls until you cancel it with Verizon.
  • Reply 37 of 39
    Soli said:
    Hmmmm, I have a feeling that this is already caused by the pressure in apple to have back doors in its OS.
    It seems to happen in the latest ios... the government simply silently rolled back the charges against apple to force them to have a backdoor...hmmm coincidence?

    hmmm... even though apple is publicly against it, it could be that the risk was to high and they ended up silently agreeing in providing a backdoor on a tactical way to minimize unwanted impact on the shareholders...

    Of course.. they'll come and say no no... but if there would be such agreement, we would never know...Maybe they'll have different ones in every os version and if one of them gets discovered (like this one) they simply fix it and open another one…
    That's some stupid shit. This isn't a backdoor and this isn't by Apple. It's also resolved with the iOS 11 beta that came out before this story posted.
    ofcourse ofcourse...
  • Reply 38 of 39
    foggyhillfoggyhill Posts: 4,767member
    sog35 said:
    Easy fix:  if you loss  your phone then use Find My iPhone and wipe it clear
    The Find My iPhone lock is bypassed by the thieves who turn off the victim's iPhones as they are stealing them --while powered off, they eject the SIM card and turn it back on in an environment without any WiFi around or leave the SIM card in and power the phone up inside of an all metal room (so the Find My iPhone server can't get through to it).

    vmarks said:
    This is a vulnerability, but it doesn't address iCloud and Find my iPhone.

    If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****. 

    This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device. 

    There are apparently tools and services that can bypass the iCloud Activation Lock using the carrier provisioning systems and separately, there are carriers in other countries that don't honor the stolen-IMEI databases that would be the final line of defense after iCloud Activation Lock has fallen.

    Plus, they can sell the devices for their screens and cameras to "repair" shops, with profits limited only by how many they can steal per day (anywhere there are crowds) and if your device has say a Verizon SIM (which is not locked to the IMEI), then the thieves can use it in other devices to make phone calls until you cancel it with Verizon.
    Yet, most of those things DON"T HAPPEN cause well, they're hard (or losing proposition compared to effort) as hell as proven by actual theft stats. I' m so tired of straw men being built .
    Built some realistic cases or stop pitching.
    edited August 2017 watto_cobra
Sign In or Register to comment.