Apple Responds to Report About Thieves Spying on iPhone Passcodes to 'Steal Your Entire Digital Life'

[BobSc]

Who enters their passcode manually in a public place?
This is a narrative started by apps like 1password I suspect 😏

Incredibly absurd conjecture. Nonsense like this just makes my blood boil and encourages me to stop reading MR. You have absolutely no evidence to support that claim. Seems like some just like to spread misinformation and create chaos. Why would anyone want to do this? Oops, silly question.

 

[Apple$]

I'm glad I don't have all my eggs in the same Apple basket when it comes to devices! Plus, my phone is an midrange Samsung so less apt to get stolen. 😝

 

[juxr]

Im astounded by the comments blaming the users and not bad design by Apple, so lets get things straight:

1.- FaceID does not work all the time and sometimes you need to enter passcode while maybe distracted.
2.- Even with a long passcode, they are recording it so they can reproduce it easily.
3.- Someone with a passcode to a device should NOT be able to remove the security keys and change the password of the icloud account. Apple should ask master password or biometrics without passcode for certain changes.
4.- It is a passcode for the DEVICE and NOT for the entire appleiD account.


The recent adition of security keys to increase the security of appleID and that they can be removed with just access to a device is a complete joke in security design.

 

[nwcs]

This article and the fact that apple needed to even respond just shows how brain dead our society is. If you let your password get “stolen” by someone watching you enter it, that is completely on the user. Doesn’t matter what device they have. how is that at all Apple or any device makers issue? NEWs ALERT. Secuity researchers determine that passwords are not secure if someone watches you enter it. Really? How long did that study take

and the irony is they recommend 1password that was recently hacked.

Overall I agree but I have not seen news of a successful 1Password hack. Please attach link.

 

[robertosh]

This is why I try to live in a more analog life !

 

[I7guy]

You just have to be careful when using your iPhone outside in public.
Apple needs to consider bringing back Touch-ID. Two Factor Authentication: Touch ID + Face ID simultaneously

The more difficult you make it to get into the phone, the more people are going to be permanently locked out. There is no easy answer except to be vigilant about your surroundings.

 

[strongy]

iPhone users still have four digit pins?! Wake up people !

theirs option for 6 digits or just a straight up alphanumeric password

 

[Apple$]

Apple should consider having a scrambled 4 or 6 digit layout on their OS.

 

[nwcs]

As Wilson Wilson, Jr once said:

“As the physicist Edward Teller told me over borscht at the Russian Tea Room, total security has never been available
to anyone. To expect it is unrealistic. To imagine that it can exist is an invite to disaster.”

 

[Reason077]

Who on Earth still uses iPhone passcodes? (Except once when you reboot…)

We’ve had Touch ID & Face ID for how many years now?!

 

[argentum47]

To all people saying Face ID: Face ID doesn’t help here. Currently all biometrics can be bypassed if someone knows the passcode in iOS, and that’s what this article is all about.

 

[mnsportsgeek]

This is why you should enable Face ID

Face ID doesn't help when the thief knows your passcode.

 

[anthogag]

I have seen it too many times. People input the passcode without caring about other people seeing it. This also happens with bank cards.

The article is a Stern warning.

 

[Reason077]

Some people even on here keep saying it's more secure. Even if it is technically more secure, it is practically way less secure.

Definitely not more secure if you are entering a passcode in a public place. Perhaps it’s more secure if both passcode and biometric were required, but I don’t think iOS has that option.

That’s also why contactless credit card payments are, counterintuitively, more secure than Chip & PIN … because every time you enter a PIN you are at risk of disclosing it.

 

[ignatius345]

...what, exactly, was the point of the 'report'?

The point is that some people might not put this together. People like probably everyone in this forum are at least fairly tech-oriented and understand the stakes -- but you have to realize there are a lot of very naive iPhone users out there, and just plain people who have gotten so familiar and comfortable with their phones they've stopped thinking about the magnitude of what can happen if it's breached.

 

[visualseed]

Turning off any iCloud setting (like Find my iPhone) or resetting the recovery key requires your iCloud password and not just the pin.

 

[Reason077]

Face ID doesn't help when the thief knows your passcode.

But the thief can’t get your passcode if you’re not using your passcode.

 

[GMShadow]

The point is that some people might not put this together. People like probably everyone in this forum are at least fairly tech-oriented and understand the stakes -- but you have to realize there are a lot of very naive iPhone users out there, and just plain people who have gotten so familiar and comfortable with their phones they've stopped thinking about the magnitude of what can happen if it's breached.

And those people read the Wall Street Journal?

 

[Mr. Dee]

I think the best solution is to make sure you always use Face ID in public and if its defaults to pass code, cancel then try Face ID again. If it keeps doing that, then be concious of who is around and cover your screen while entering the pass code.

 

[shakopeemn]

Im astounded by the comments blaming the users and not bad design by Apple, so lets get things straight:

1.- FaceID does not work all the time and sometimes you need to enter passcode while maybe distracted.
2.- Even with a long passcode, they are recording it so they can reproduce it easily.
3.- Someone with a passcode to a device should NOT be able to remove the security keys and change the password of the icloud account. Apple should ask master password or biometrics without passcode for certain changes.
4.- It is a passcode for the DEVICE and NOT for the entire appleiD account.


The recent adition of security keys to increase the security of appleID and that they can be removed with just access to a device is a complete joke in security design.

Yes Apple makes it way toooo easy to reset apple password. This weekend I took my wife's phone in to change battery and was required to turn off "find my device". After failing to remember her apple id password, I reset her apple account password simply by entering the device passcode.....

 

[therunningman]

Regardless of how a thief gets into your phone, it's NEVER a good idea to put your passwords in the cloud. I have never, and will never, use iCloud Keychain. No matter how convenient this seems, the price is waaaay too high if the keys to the kingdom fall into the wrong hands.

 

[antiprotest]

Face ID doesn't help when the thief knows your passcode.

Face ID is how you prevent the thief from knowing your passcode.

 

[ignatius345]

This isn’t a sign of iPhones being less secure, it’s a sign of increased desperation in an increasingly impoverished world.

And a sign of everyone putting all their eggs in one basket, so to speak. At this point an unlocked iPhone can allow access to money, open doors, unlock cars and provide unlimited fodder for blackmail... it's an incredibly tempting target.

 

[BootsWalking]

In the typical rush to defend Apple some have missed the forest for the trees - that it's simply too easy to reset an iCloud password using only a passcode. What benefit is there in having advanced security like Face ID and Touch ID if Apple lets users bypass that with a simple passcode? The solution is easy - require more factors before an iCloud password can be reset. For example, require either Face or Touch ID to be used in combination with the passcode when resetting the iCloud password.

 

[ignatius345]

And those people read the Wall Street Journal?

What's your point, exactly?