passcode   97

« earlier    

iOS 11 leaves iOS devices more vulnerable to edge-case attacks, says phone-cracking company ElcomSoft • 9to5Mac
Ben Lovejoy:
<p>Anyone wanting to access private data from an iPhone used to face two challenges, says the company in a <a href="https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/">blog post</a> (which was experiencing loading problems at the time of writing). First, they had to access the device itself, which usually requires knowing or cracking the passcode. Second, even with the passcode, you could not access all the data on the device unless you could also crack the password used for the encrypted backup of the device.

It is the encrypted backup that contains Keychain data, allowing you to easily access any account used by the phone’s owner, as well as application data and more. Indeed, in many cases, authorities and other attackers focus their efforts on cracking the backup rather than the device itself, as it provides easier access to more data.

Prior to iOS 11, if you made an encrypted backup to iTunes, the password protecting that backup was used every time in future, even if you switched Mac…

…Apple <a href="https://support.apple.com/en-us/HT205220">documents this process</a>, so it’s clearly a deliberate decision rather than a bug.

It seems likely that Apple is balancing convenience against security here, taking the view that anyone who has the device passcode usually has legitimate access to the device. The new behavior would be helpful to anyone who forgot their encrypted backup password, as well as families of anyone who passed away but had shared their passcode with family members.

My personal view is that the change makes sense. The risk created by it is real edge-case stuff: someone has physical access to my device and knows my passcode. The benefit is that there’s an escape plan for the many people who forget rarely-used passwords – like, in this case, an encrypted backup password that is typically only needed when upgrading devices.</p>


Elcomsoft has a point. Question is, how many people give up their passcode to those they shouldn't?
elcomsoft  apple  passcode 
december 2017 by charlesarthur
Apple Face ID Security
It notes that there may be special difficulties for children under 13 (potential implications for education use)
apple  faceid  unlock  passcode  security 
september 2017 by WBedutech
Passcode: The Ultimate Guide | iMore
How do you change the passcode on your iPhone or iPad? Switch to a longer number or stronger password? How do you turn it off? Here's what you need to know!
guide  ios  passcode  security  tip 
april 2017 by pitiphong_p
xkcd Password Generator
xkcd Password Generator: A safe and easy password to remember
passcode  password  generator  xkcd 
january 2017 by habi

« earlier    

related tags

****  1password  1password_pro  1password_touch  2  2011  2016  2017-09-12  2017-09-14  2018  5.0  5c  8bit  @chronic  accessibility  acoustic  activation  adobe  alarm  album  and  android  android6  animation  app  apple  application  at&t  authentication  authentification  autorisation  back  backdoor  balace  basic  before  bluetooth  book  bookmarks_bar  bookmarks_toolbar  boot  bypass  calm  cartoon  chaos  child  cisco  citrix  cleverpin  clock  cocoapod  code  combination  contect  content_goes_here  crack  crowdsourcing  cyber  cydia  data  debunked  decode  defeat  defense  delicious  designer  disable  disk  door  duo  ease  elcomsoft  email  encryption  english  exchange  exploit  face  faceid  factor  fbi  findmyiphone  finger  fingerprint  fixes  flaw  for  forensics  forgot  forgotten  framework  free  freemypdf  generation  generator  george_hotz  get  github  google  grc  guide  guided_access  guidedaccess  hack  hacking  hacks  haha  hints  hire  hostcode  howto  hybrid  ibm  icloud  imported_from_firefox  in  information  internet  ios  ios11  ios7  ios8  ios9  ios_devices  iosdev  ipad  iphone  iphone4s  iphone5  iphone_4  iphone_4s  ipod  itouch  itunes  jailbreak  jb  kali  key  keychain  keystore  lib  lifehacker  limera1n  list  lock  lockout  lockscreen  mac  mail  mechanical  micro_systemation  military  mirroring  mmm  mobile  mobileme  more  movie  music  my  naming  native  news  nolockscreen  number  obfuscation  off  ohoh  oliver  or  ouch  parental_controls  parentalcontrols  pass  passcodes  password  passwords  pdf  pentest  phone  pin  print  privacy  programming  protected  psd  ram  rce  reactjs  recovery  releases  removal  remove  removes  restore  restrictions  root  screen  secure  security  selinux  set  setting  settings  siri  skip  smartphones  sms  software  soundtrack  ssh  stanford  steve_gibson  strategy  superhub  technique  teleconference  the  theos  tip  tips  today's  todo  tools  top  touch  touchid  tv  tweak  twitch  two  unlock  updates.  updates  upgrade  use  utilities  viewable  virgin  vulnerabilities  vulnerability  warrant  waze  web  webapp  website  whatever  why  wifi  will_strafach  windows  wordlist  words  wpa-psk  wpa  wpa2  wps  xkcd  xry  you 

Copy this bookmark:



description:


tags: