a alphanumeric passcode has no bearing it the number of possible codes. The input screen is only a numeric keypad such that the #2 is the same as A,B, C i.e. "2222" is the same as "aaaa". So there are only 10,000 combinations if using six digits.
As others have said, ever since TouchID there's no reason to not have a complex passcode for those concerned about security. I use a 9 digit alphanumeric passcode.
a alphanumeric passcode has no bearing it the number of possible codes. The input screen is only a numeric keypad such that the #2 is the same as A,B, C i.e. "2222" is the same as "aaaa". So there are only 10,000 combinations if using six digits.
Edit: I guess I didn't grasp Soli's point of view adequately in this thread. People should not be hypocrites when similar issues are found out in other platforms (read Android). When that happens constantly, the standard expected from Apple has to be higher OR people should stop being hypocrites.
There's a difference between vulnerabilities that require physical access to a device and vulnerabilities that involve the user simply downloading something off the official app store. There is a level of false equivalence here.
Security isn't always IF something can happen but HOW LONG will it take to happen.
Adopt wireless charging and get rid of all ports, and then make the device be able to somehow detect when someone is cracking open the case and automatically wipe all data. Not that this eliminates all hacking, but puts a stop to a lot of it.
Wireless charging likely isn't happening for a long time. Inductive charging as an option looks possible this year, but the Lightning port with USB 3.x speeds and fast charging will likely be around for a very long time.
Inductive is what I meant. It's essentially wireless though relative to what's common use now. Either way there's no charging port, but thanks/no thanks for the "technical" answer.
Adopt wireless charging and get rid of all ports, and then make the device be able to somehow detect when someone is cracking open the case and automatically wipe all data. Not that this eliminates all hacking, but puts a stop to a lot of it.
Wireless charging should never be the only option. Many people need or want to use the device while it is charging.
Just like many people need the 3.5mm headphone jack? This doesn't really hold water as long as charging becomes more efficient and faster. If you can essentially charge your phone in a few minutes, then why would you need to charge it while you use it? And if literal wireless charging becomes a thing then you will still be able to use a device while charging.
This is a hypothetical post, obviously, but you nerds really have no freaking imagination. What is it about holding on to legacy technology that you have to complain about every idea that wants to replace it?
This is a vulnerability, but it doesn't address iCloud and Find my iPhone.
If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****.
This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device.
This is a vulnerability, but it doesn't address iCloud and Find my iPhone.
If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****.
This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device.
I wonder if you have 2FA enabled that you can get an iCloud password reset code to that iDevice which could then reset the password which would allow you to disable Find My iPhone and Activation Lock.
This is a vulnerability, but it doesn't address iCloud and Find my iPhone.
If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****.
This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device.
Not really. My personal financial app and password helper app sits behind another password or touchid. Corporate stuff behind Good.
It uses a much faster rate, but should give you an idea of how long brute forcing can take. With passwords, length is king. It can be helpful to have a bigger alphabet (lowers,uppers,punctuation,other special chars), but in the end, each new position you add to your passwords increases the haystack at an exponential rate.
Hmmmm, I have a feeling that this is already caused by the pressure in apple to have back doors in its OS. It seems to happen in the latest ios... the government simply silently rolled back the charges against apple to force them to have a backdoor...hmmm coincidence?
hmmm... even though apple is publicly against it, it could be that the risk was to high and they ended up silently agreeing in providing a backdoor on a tactical way to minimize unwanted impact on the shareholders...
Of course.. they'll come and say no no... but if there would be such agreement, we would never know...Maybe they'll have different ones in every os version and if one of them gets discovered (like this one) they simply fix it and open another one...
Hmmmm, I have a feeling that this is already caused by the pressure in apple to have back doors in its OS. It seems to happen in the latest ios... the government simply silently rolled back the charges against apple to force them to have a backdoor...hmmm coincidence?
hmmm... even though apple is publicly against it, it could be that the risk was to high and they ended up silently agreeing in providing a backdoor on a tactical way to minimize unwanted impact on the shareholders...
Of course.. they'll come and say no no... but if there would be such agreement, we would never know...Maybe they'll have different ones in every os version and if one of them gets discovered (like this one) they simply fix it and open another one…
That's some stupid shit. This isn't a backdoor and this isn't by Apple. It's also resolved with the iOS 11 beta that came out before this story posted.
According to an investigation by MacRumors this technique only works during a short window of about ten minutes directly after the passcode has been changed.
So if you changed your passcode more than ten minutes ago your safe.
Easy fix: if you loss your phone then use Find My iPhone and wipe it clear
The Find My iPhone lock is bypassed by the thieves who turn off the victim's iPhones as they are stealing them --while powered off, they eject the SIM card and turn it back on in an environment without any WiFi around or leave the SIM card in and power the phone up inside of an all metal room (so the Find My iPhone server can't get through to it).
This is a vulnerability, but it doesn't address iCloud and Find my iPhone.
If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****.
This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device.
There are apparently tools and services that can bypass the iCloud Activation Lock using the carrier provisioning systems and separately, there are carriers in other countries that don't honor the stolen-IMEI databases that would be the final line of defense after iCloud Activation Lock has fallen.
Plus, they can sell the devices for their screens and cameras to "repair" shops, with profits limited only by how many they can steal per day (anywhere there are crowds) and if your device has say a Verizon SIM (which is not locked to the IMEI), then the thieves can use it in other devices to make phone calls until you cancel it with Verizon.
Hmmmm, I have a feeling that this is already caused by the pressure in apple to have back doors in its OS. It seems to happen in the latest ios... the government simply silently rolled back the charges against apple to force them to have a backdoor...hmmm coincidence?
hmmm... even though apple is publicly against it, it could be that the risk was to high and they ended up silently agreeing in providing a backdoor on a tactical way to minimize unwanted impact on the shareholders...
Of course.. they'll come and say no no... but if there would be such agreement, we would never know...Maybe they'll have different ones in every os version and if one of them gets discovered (like this one) they simply fix it and open another one…
That's some stupid shit. This isn't a backdoor and this isn't by Apple. It's also resolved with the iOS 11 beta that came out before this story posted.
Easy fix: if you loss your phone then use Find My iPhone and wipe it clear
The Find My iPhone lock is bypassed by the thieves who turn off the victim's iPhones as they are stealing them --while powered off, they eject the SIM card and turn it back on in an environment without any WiFi around or leave the SIM card in and power the phone up inside of an all metal room (so the Find My iPhone server can't get through to it).
This is a vulnerability, but it doesn't address iCloud and Find my iPhone.
If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****.
This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device.
There are apparently tools and services that can bypass the iCloud Activation Lock using the carrier provisioning systems and separately, there are carriers in other countries that don't honor the stolen-IMEI databases that would be the final line of defense after iCloud Activation Lock has fallen.
Plus, they can sell the devices for their screens and cameras to "repair" shops, with profits limited only by how many they can steal per day (anywhere there are crowds) and if your device has say a Verizon SIM (which is not locked to the IMEI), then the thieves can use it in other devices to make phone calls until you cancel it with Verizon.
Yet, most of those things DON"T HAPPEN cause well, they're hard (or losing proposition compared to effort) as hell as proven by actual theft stats. I' m so tired of straw men being built .
Comments
Security isn't always IF something can happen but HOW LONG will it take to happen.
This is a hypothetical post, obviously, but you nerds really have no freaking imagination. What is it about holding on to legacy technology that you have to complain about every idea that wants to replace it?
If you have iCloud and Find My iPhone enabled, it cannot be turned off without the iCloud password, and if the device is erased, it cannot be setup without the iCloud password and the iCloud email address, which is obscured with ****.
This is bad in that it grants you access to pretty much everything, but it does not allow a transfer of ownership of the device.
It uses a much faster rate, but should give you an idea of how long brute forcing can take. With passwords, length is king. It can be helpful to have a bigger alphabet (lowers,uppers,punctuation,other special chars), but in the end, each new position you add to your passwords increases the haystack at an exponential rate.
It seems to happen in the latest ios... the government simply silently rolled back the charges against apple to force them to have a backdoor...hmmm coincidence?
hmmm... even though apple is publicly against it, it could be that the risk was to high and they ended up silently agreeing in providing a backdoor on a tactical way to minimize unwanted impact on the shareholders...
Of course.. they'll come and say no no... but if there would be such agreement, we would never know...Maybe they'll have different ones in every os version and if one of them gets discovered (like this one) they simply fix it and open another one...
So if you changed your passcode more than ten minutes ago your safe.
also Apple fixed the bug with iOS 11
There are apparently tools and services that can bypass the iCloud Activation Lock using the carrier provisioning systems and separately, there are carriers in other countries that don't honor the stolen-IMEI databases that would be the final line of defense after iCloud Activation Lock has fallen.
Plus, they can sell the devices for their screens and cameras to "repair" shops, with profits limited only by how many they can steal per day (anywhere there are crowds) and if your device has say a Verizon SIM (which is not locked to the IMEI), then the thieves can use it in other devices to make phone calls until you cancel it with Verizon.