apple Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device

[vissha]

Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device

 

 

Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C by one of the terrorists in the San Bernardino mass shootings that killed 14 and injured 24 in December.

 

The FBI knows that it can not bypass the encryption on the iPhone, but it very well knows that Apple can make a way out that could help them try more than 10 PINs on the dead shooter's iPhone without getting the device's data self-destructed.

 

Although Apple refused to comply with the court order and has always claimed its inability to unlock phones anymore, the FBI so cleverly proved that Apple does have a technical way to help feds access data on a locked iOS device.

 

And this is the first time when Apple has not denied that it can not unlock iPhones, rather it simply refused to build the FBI a Backdoor for the iPhone, in an attempt to maintain its users trust.

 

So, now we know that Apple is not doing so, but it has the ability to do so.

 

Now, when you know there are chances that your unlocked iPhone can be accessed by the government even if you have enabled "Auto-Destruct Mode" security feature on your device, you need to protect your iPhone beyond just 4/6-digit passcode.

 

How to Hack-Proof your iPhone?

 

Yes, it is possible for you to protect yourself from government snooping just by setting a strong passcode on your iPhone — passcode that the FBI or any government agency would not be able to crack even if they get iPhone backdoor from Apple.

 

Without wasting much of your time, here's one simple solution:

• Simply Set at least random 11-digit numeric passcode for your iPhone.

 

Here's why (FBI Can't Crack It):

 

There is only one way, i.e. Brute Force attack, to crack your iPhone passcode. This is what the FBI is demanding from Apple to create a special version of iOS that increases the brute force attempts and ignores the data erasure setting.

 

iPhones intentionally encrypt its device's data in such a way that one attempt takes about 80 milliseconds, according to Apple.

 

So, if your iPhone is using a 6-digit passcode and there are 1 Million possible combinations as a whole, it would take maximum time of 22 hours or on average 11 hours to successfully unlock iPhone.

 

However, if you are using a longer passcode such as a random 11-digit passcode, it will take up to 253 years, and on average 127 years to unlock iPhone.

 

Doing so will make the FBI or any other agency unable to unlock your iPhone; not unless they have hundreds of years to spare.

To set a strong passcode, click 'Passcode options,' select 'Custom numeric code,' and then enter your new but random passcode.

 

Things to Avoid While Setting a Passcode

1. Do Not Use a Predictable Passcode: Avoid choosing a predictable string such as your birth dates, phone numbers, or social security numbers, as these are first priorities of attackers to try.
2. Do Not Use iCloud Backups: Avoid using an iCloud backup because doing so will enable the attacker to get a copy of all your iPhone’s data from Apple’s server, where your passcode no longer protects it. This will eliminate the need to guess your passcode.
3. Do Not Use Your Fingerprint: We have seen data breaches that had exposed fingerprints online and also, it is easy to bypass Apple Touch ID Fingerprint scanner. Even fingerprints can be collected from a suspect's corpse. So, using fingerprint security feature could also end up unlocking your iPhone in less time.

 

So, by choosing a strong passcode, the FBI or any other agency will not be able to unlock your encrypted iPhone, even if they install a vulnerable version of iOS on it.

 

Warning: You need to remember your passcode, whatever you set, because no one except you would be able to unlock your iPhone. Once you forgot your passcode, there is nothing you can do to get your important data and even access to your iPhone back.

 

Source

[steven36]

31 minutes ago, vissha said:

 

Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C by one of the terrorists in the San Bernardino mass shootings that killed 14 and injured 24 in December.

 

No  they have not been asked to unlock a phone,   they have been  asked to write software that the FBI can install  on ios 9 to help the fbi  to brute force there way in.

 

But yes the rest seems correct  i read setting  a strong  password  that  no one  can brute force in. But this is not about Apple unlocking phones its about the FBI  wants the means  to brute force  its way in phones .

[vibranium]

11 digits? Not on your life. With a special backdoor firmware and replicating the image on special hardware the compromise is complete -- bruteforcers can get through it in a few minutes.

 

In other words, if Apple loses or gives in to the request, this approach does not pose an additional hurdle.

[steven36]

29 minutes ago, vibranium said:

11 digits? Not on your life. With a special backdoor firmware and replicating the image on special hardware the compromise is complete -- bruteforcers can get through it in a few minutes.

 

In other words, if Apple loses or gives in to the request, this approach does not pose an additional hurdle.

Quote

Guido says; but a more complex six-character password composed of letters and numbers could take more than five-and-a-half-years, according to Apple.

 

Quote

Dan Guido, CEO of Trail of Bits, a company that does extensive consulting on iOS security.

Hes and expert  this is were they got the info  from  are you a expert on encryption ?

http://www.wired.com/2016/02/apples-fbi-battle-is-complicated-heres-whats-really-going-on/

 

[vibranium]

2 minutes ago, steven36 said:

 

Hes and expert  this is were they got the info  from  are you a expert on encryption ?

http://www.wired.com/2016/02/apples-fbi-battle-is-complicated-heres-whats-really-going-on/

 

 

Apple's iOS tech doc: The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers, or 2½ years for a nine-digit passcode with numbers only.

 

This is regular iOS on the phone. If they reflect the data out on specialized hardware, with specialized firmware, all bets are off. They could make the iteration count vanishingly small. You think they wouldn't do that for terrorists who are already dead, to find new leads?

 

So who's the expert now? Not me. You are.

 

 

[steven36]

24 minutes ago, vibranium said:

 

Apple's iOS tech doc: The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers, or 2½ years for a nine-digit passcode with numbers only.

 

This is regular iOS on the phone. If they reflect the data out on specialized hardware, with specialized firmware, all bets are off. They could make the iteration count vanishingly small. You think they wouldn't do that for terrorists who are already dead, to find new leads?

 

So who's the expert now? Not me. You are.

 

 

The reason  apple  dont want to  let the FBI  do this  has too do with business billions  of dollars are at stake regardless if using   strong password  would work are not no one can remember  very strong passwords no ways.

 

Billions at stake in Apple encryption case

Quote

Balanced against that is what the tech companies lose if they are seen to be doing the bidding of the FBI -- tens of billions of dollars and also the strong possibility of losing market share to other non-American tech companies, particularly software and cloud computing firms, around the world.

http://edition.cnn.com/2016/02/19/opinions/apple-vs-fbi-on-encryption-bergen/

 

If they wont make secure  products they are tons of people out there willing to take there place .You read that story  there you will see  most real terrorist already use encryption non USA based  on there phones .

 

Quote

Although the fight between American tech companies and the FBI hunting terrorists is undeniably important, to some degree it may also be increasingly moot.

ISIS' key social media-encrypted platform is Telegram, which is engineered by a Berlin-based tech company that can simply ignore the rulings of American federal judges as well as legislation passed by the U.S. Congress.

ISIS also advocates to its followers to use the "dark Web" Tor browser, which disguises users' IP addresses and is not controlled by any American tech company.

In other words, once again, technology is outrunning the ability of both law enforcement and legislation to keep pace with it.

 

 

[knowledge-Spammer]

technology is outrunning the ability of both law enforcement  its a good thing right