Yes, [the thought of] getting locked out of my Apple ID is the biggie, since I migrated everything mission critical to that email address over the years and later put my important documents in the iCloud Drive tied to that ID. [and put almost all of my passwords in the keychain for that ID.]

While I would feel violated about having my phone stolen, I could get a new phone immediately. Undoing the damage of being locked out of my ID would be painful. I’m going to spend the weekend either protecting that ID or making it less potent.

And if you use iCloud Photos, they could delete everything or lock you out of everything. You definitely need a backup that is not tied into it. And if they have your phone and reset your Apple ID password, couldn't they then lock and remote wipe your Mac(s) and other devices? Documents, photos, everything.

Even with a full copy on a different Mac, you'd be screwed if it was signed into your iCloud account.

Would you be locked out of your Time Machine backups? (Not sure).
 
Who enters their passcode manually in a public place?
This is a narrative started by apps like 1password I suspect 😏
If you wear a mask and have an older phone without Face ID face mask support and want to pay with Apple Pay, it asks you for the passcode.

Twice if your phone is locked (once to unlock the phone and the next for Apple Pay).
 
Currently it’s 2 failed attempts at Face ID, then it switches to number pad input. Give me the option to keep trying Face ID.
 
The problem is that this low level attack, because of Apple’s security flaw, can keep you out of your Apple ID account permanently, before you have a chance to intervene.
It’s not a security flaw no matter how you present it. It’s very easy to criticize and much harder to understand why this is the way it is. Do you not think Apple has a specialized team of people working with product designers to understand the different scenarios? It’s very easy to be Monday morning quarterbacks. I’m not saying Apple won’t attempt to plug this up, but at some point, even with a YubiKey, someone pointing a gun at your head could get what they want.
 
Currently it’s 2 failed attempts at Face ID, then it switches to number pad input. Give me the option to keep trying Face ID.
Let’s say you’re being held against your will and an actor has your phone trying to authenticate with Face ID. What would you want?

It’s about striking a balance between usability and security. Apple will never be able to plug up every scenario that a ne’er-do-well would come up with.
 
This is why I disagree with the users on here who keep saying passcode is more secure and stop using Face ID if you don't want people to take your phone and point it at you, etc. Perhaps the passcode is technically more secure, but it is practically way less secure. Face ID is secure especially if you enable "attention required." Always use Face ID. Never enter your passcode in public unless you are sure no one is looking at your screen (and to be extra secure, that no camera overhead is looking down at you).

Apple is not innocent either. Somehow they think it makes the phone more secure to occasionally demand your passcode at the most inconvenient times. This is way less secure. I have been asked for the passcode while in public and I actually waited until I went to a private location before entering it. Ask for it every restart, fair. But if the phone has been on and there are no multiple failed Face ID attempts, DO NOT ask for the passcode.
Well, a passcode is more secure, but only if you use a good one and the 6-digit PINs Apple prompts users to use are definitely not good ones...
 
Just more fear mongering and click baiting by tech journalists pretending that some problem is somehow unique to Apple. Explain to me what Android does to stop someone from shoulder surfing your PIN on those devices, stealing your phone out of your hands, and finding a picture of your SSN and using it to open credit cards in your name. Oh, nothing more than what Apple does? Ok, thanks.
I think it's a valid story.

They're making the point that:

- Apple has (perhaps) erred too much on the side of seamless convenience / UX
- And that our entire digital lives are on our phone and if someone gets access to your phone and passcode, you could lose all of your iCloud content + any 3rd party services where you only have credentials in your iCloud Keychain.

To me that's important to draw attention to.

And I'll be willing to bet that Apple makes it so that you need both your passcode and your iCloud password to make a new iCloud passcode in 16.5 (maybe even 16.4).
 
It’s not a security flaw no matter how you present it. It’s very easy to criticize and much harder to understand why this is the way it is. Do you not think Apple has a specialized team of people working with product designers to understand the different scenarios? It’s very easy to be Monday morning quarterbacks. I’m not saying Apple won’t attempt to plug this up, but at some point, even with a YubiKey, someone pointing a gun at your head could get what they want.
Fixing security holes and oversights is all about Monday morning quarterbacks! Happens all the time, even with Apple. Your opinion is just an opinion. But I would bet that MOST security-conscious people would disagree with you. And you are right, I bet Apple will fix it.
 
I think it's a valid story.

They're making the point that:

- Apple has (perhaps) erred too much on the side of seamless convenience / UX
- And that our entire digital lives are on our phone and if someone gets access to your phone and passcode, you could lose all of your iCloud content + any 3rd party services where you only have credentials in your iCloud Keychain.

To me that's important to draw attention to.

And I'll be willing to bet that Apple makes it so that you need both your passcode and your iCloud password to make a new iCloud passcode in 16.5 (maybe even 16.4).
It’s important to draw attention to this as it’s easy to mitigate the social engineering aspect of it.

Maybe apple will change something maybe they won’t.
 
It’s not funny how Apple’s security flaw foolishly allows your Apple ID password to be reset by your device passcode. A code that most people at one time or another type in public and is subject to snooping. It’s an easy low level attack that can potentially take over not just your Apple account, but all your other accounts.

Guess that explains why this type of attack is 95% iPhone and 5% Android.
 
And I'll be willing to bet that Apple makes it so that you need both your passcode and your iCloud password to make a new iCloud passcode in 16.5 (maybe even 16.4).

That sounds reasonable.

It's not something you need to do often... so it's OK if you have to type in two codes. I think all this important stuff should be behind two locks.

But a stranger should not be able to get super-user access if they simply spy your PIN.

:)
 
Fixing security holes and oversights is all about Monday morning quarterbacks! Happens all the time, even with Apple. Your opinion is just an opinion. But I would bet that MOST security-conscious people would disagree with you. And you are right, I bet Apple will fix it.
Yes, these are all opinions, but I’ll bet Apple envisioned this scenario along this line. I agree someone shouldn’t be able to get to your stuff via social engineering, and that is easily mitigated. Someone holding a gun to your head is not.

Whether or not Apple fixes this remains to be seen. They have to do this across the ecosystem and still support every version of iOS that is activated.

This is still an edge case scenario and no security is 100%. And yes, it’s easy to be a Monday morning quarterback.
 
I'm far from being a security expert - which I'm probably about to plainly reveal here - but maybe it's time that we have a hash of your Face ID recognition data uploaded to iCloud, i.e. so you can recover / authenticate your data using Face ID?

Iris and voiceprints too as additional alternative (or mandatory) authentication steps? Along with hashes on iCloud of these?

I know that there would be accessibility issues but surely this would be a good solution for most people?

I guess what I'm trying to say here, is that a passcode / password is surely a weak link and 100% use of biometrics is surely a better way to authenticate identity?
 
I'm glad you brought that up. But that is not true in my case. I have two-factor on, and I have to acknowledge access through another device to continue. 14 Pro, Face ID, 6-digit code, latest iOS, and two-factor on. Good article for the ones that think that they are protected with a 4-digit passcode, or no passcode or no Face ID, etc.

There are a lot of folks that own an iPhone and not the remainder of the Apple lineup.
 
They can withdraw the maximum allowed amount of cash, but they can’t use your PIN to put the account in their own name and remove you from having access to the bank.

Take you off your account? That is a no. Good point.
If you have the app on device and they go in via Password and Zelle ( or similar) out or transfer.
 
Yes, these are all opinions, but I’ll bet Apple envisioned this scenario along this line. I agree someone shouldn’t be able to get to your stuff via social engineering, and that is easily mitigated. Someone holding a gun to your head is not.

Whether or not Apple fixes this remains to be seen. They have to do this across the ecosystem and still support every version of iOS that is activated.

This is still an edge case scenario and no security is 100%. And yes, it’s easy to be a Monday morning quarterback.

Not sure what you mean by still support every version of iOS? It just needs to be changed on a future release of iOS for the iPhone and iPad. Yes, of course previous versions of iOS will still have this flaw. Just like previous versions of iOS have numerous other security flaws that have been fixed with later releases...by the Monday morning quarterbacks :)
 
Seems like a nuclear solution to a small petty crime. How about more education, and a better social net or system that aids people so they don’t need to rob and get killed by trigger-happy people? Most countries go down this route, and have very, very few gun murders. Rather than just arm everyone and see what happens.
If you read the article, one person lost $10,000 due to the phone being stolen (in addition to being assaulted). I don’t know about you, but losing $10k would mean I’d likely lose my house. Besides, all the utopian future education in the world isn’t going to stop the actual crime that’s happening in real time.

Have you seen the yearly FBI crime statistics? Yeah, I’m not taking any chances. Again, if you don’t want to get shot, don’t assault innocent people. Simple, really.
 
Security is always about tradeoffs. If Apple thinks most users are better off with lax security, that's fine. But then give us the option to improve the security of our iPhone, if we so wish.

I thought security keys could be one way, but apparently that's not the case.
 
Not sure what you mean by still support every version of iOS? It just needs to be changed on a future release of iOS for the iPhone and iPad. Yes, of course previous versions of iOS will still have this flaw. Just like previous versions of iOS have numerous other security flaws that have been fixed with later releases...by the Monday morning quarterbacks :)
We’ll see Apple’s response, if they have one, in 16.4 or 16.5 or iOS 17.
 
If you read the article, one person lost $10,000 due to the phone being stolen (in addition to being assaulted). I don’t know about you, but losing $10k would mean I’d likely lose my house. Besides, all the utopian future education in the world isn’t going to stop the actual crime that’s happening in real time.

Have you seen the yearly FBI crime statistics? Yeah, I’m not taking any chances. Again, if you don’t want to get shot, don’t assault innocent people. Simple, really.
If you were being assaulted my guess is you give up everything to save your life. In this case all the security in the world wouldn’t help. Of course you could use the phone and not have any financial apps or information or apple pay set up. I know people who use an iPhone like that. The most a thief would get is the weekly Costco circular.

But the article makes good points about protecting your assets.
 