![]() ![]() From this point on, everything is compromised. In this specific case, the fact that it happened so quickly – Find My iPhone was turned off less than two hours after the theft, before the iPhone owner could get to a computer and send the command – suggests that they didn’t have to work hard to get the phone’s passcode. While you think you’re protected with Find My iPhone, which allows you to remotely lock or erase your device, once someone has your iCloud password they can deactivate this feature. Thief turns off Find My iPhoneĪt this point, the game is over. (If you use a different browser, this password will be accessible in that browser.) 4. ![]() If you allow Safari to save the password, then it’s accessible to anyone with your passcode. While you mostly enter that password in dialogs, you’ve almost certainly used it on the web to manage your Apple ID, create app-specific passwords, or log into. ![]() You may not realize it, but your iCloud password – the one connected to your Apple ID – is almost certainly in your keychain. (On Mac, you can access these in the Keychain Access app, or, for website passwords, in Safari > Preferences > Passwords.) 3. Enter the passcode, and you can now access everything. Go to Settings > Passwords & Accounts > Website & App Passwords. On iOS, once you have the passcode, you can access all the passwords stored in iCloud Keychain. In this case, the owner of the iPhone quickly activated Lost Mode, which, according to Apple, locks the device with its passcode, and deactivates Apple Pay, but doesn’t prevent access to someone who has the passcode already. ![]() It’s worth noting that the same thing can happen on a Mac, if someone gets your password, though it’s rare that people use a six-digit numeric password on a computer. Was it a brute-force attack with a GrayKey or similar device? Or did someone shoulder-surf and spot the person’s passcode before the theft? In any case, once someone has the passcode, all bets are off, as you’ll see below. We don’t know how the thief broke into this stolen iPhone. Here’s what can happen, and why you should change your passcode to something more secure (I’ll explain how below). If someone can get your passcode, none of the other advanced security features on your iPhone, or in iOS, can protect you the dominoes that secure your life will fall very quickly. All you need is the device passcode to access all of the passwords in iCloud keychain. It simply never occurred to me that if a thief (or law enforcement, or any adversary) has the device passcode, and your iCloud password is in your keychain, they can get your iCloud password from your keychain. It’s also easier for a would-be thief to snoop a target entering a 6-digit passcode than an alphanumeric passphrase. We know GrayKey exists, and if it exists, thieves could have it. Did the thieves crack his 6-digit passcode with a GrayKey or GrayKey-like device? Impossible to say. This is an interesting but alarming story. As John Gruber points out in his comments: And if someone gets access to your passcode, the damages can be severe.ĭaring Fireball recently highlighted a story told by Henrique Prange on Twitter, who recounted that his friend’s iPhone was stolen, which led to the loss of $30,000 from his bank, and an additional $2,500 spent on Apple’s App Store. While six digits may seem secure, because there are one million possibilities for such a passcode, there are ways to crack passcodes. But for most people, Touch ID and Face ID are just convenient layers on top of a six-digit passcode. IPhones and iPads have excellent security, and features such as Touch ID and Face ID help ensure that your data is protected. Security & Privacy If Hackers Crack a Six-Digit iPhone Passcode, They Can Get All Your Passwords ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |