Resolved Passcode failed attempts, scary!

Discussion in 'iOS 7' started by adnbek, Sep 11, 2013.

  1. adnbek, Sep 11, 2013
    Last edited: Sep 11, 2013

    adnbek macrumors 65816

    adnbek

    Joined:
    Oct 22, 2011
    Location:
    Montreal, Quebec
    #1
    In previous iOSes, a few failed attempts would lead to the phone being locked out, for incrementally longer and longer periods of time, slowing down the number of attempts one can make at any given time.

    Why was this removed? I find it very useful as it makes it harder to brute force your way through AND if you activate "Erase after 10 failed attempts" it would still take a while for someone to do so.

    Now, anyone can pick up your phone, quickly do 10 attempts and wipe your phone!
     
  2. GreyOS macrumors 68030

    GreyOS

    Joined:
    Apr 12, 2012
    #2
    More wow, never noticed this. This is terrible.

    My work email exchange enforces erasing of data after just 8 failed attempts too... I hope no one I know hears about this and does it as a joke!
     
  3. Armen macrumors 604

    Armen

    Joined:
    Apr 30, 2013
    Location:
    127.0.0.1
    #3
    If what I'm seeing today is indeed true then it looks like the final release will have more fixes than the GM. A security flaw like the pincode problem can't wait for 7.0.1. It should be patched sooner in an emergency update.
     
  4. WolfSnap, Sep 11, 2013
    Last edited: Sep 11, 2013

    WolfSnap macrumors 6502a

    Joined:
    Sep 18, 2012
    Location:
    SoCal
    #4
    I just tried it.. I get an 'iPhone is disabled' message after 6 wrong PINs. Then, disabled again after another single attempt. I didn't keep going, but, I'm sure it'll lock out for longer and longer periods of time... Are you not seeing that?

    Seems to follow the iOS 6 lockout pattern: http://cinnamonthoughts.org/2010/09/13/ios-passcode-waiting-intervals-for-failed-attempts/
     
  5. Tyler23 macrumors 603

    Tyler23

    Joined:
    Dec 2, 2010
    Location:
    Atlanta, GA
    #5
    Just don't turn that on? After 5 or 6 attempts it locks you out. It only wipes your phone after 10 attempts if you have that feature turned on.
     

  6. WolfSnap macrumors 6502a

    Joined:
    Sep 18, 2012
    Location:
    SoCal
    #6
    I never turn on the 'wipe device after 10 attempts'.. I'd rather control when to wipe from iCloud. Plus, with the new activation lock, my iPhone will be a door-stop. :)
     
  7. adnbek thread starter macrumors 65816

    adnbek

    Joined:
    Oct 22, 2011
    Location:
    Montreal, Quebec
    #7
    Yeah and I'm definitely turning off "Erase after 10 failed attempts" until this is fixed.
     
  8. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #8
    Took me about 8 wrong attempts before I got the message that the iPhone is disabled, without any timer as to how long it is disabled for. Kind of strange. And about a minute or two later it looks like the message is gone and I can use the phone again.
     
  9. adnbek thread starter macrumors 65816

    adnbek

    Joined:
    Oct 22, 2011
    Location:
    Montreal, Quebec
    #9
    Even if it's off, it's easier to brute force your way in if you're not being slowed down from previous failed attempts.

    ----------

    It wasn't doing it with me at all. I turned off "Erase..." to test it and I could keep making up pins over and over (stopped at around 15x) and it never once got disabled.
     
  10. ominx macrumors 6502

    Joined:
    Jun 23, 2010
    #10
    Are you using a simple passcode (4 digit PIN) or one with a custom length with mixed characters?

    I can confirm I too do not get locked out with a custom passcode.
     
  11. Thierry ba macrumors 6502a

    Joined:
    Apr 10, 2012
    Location:
    Sarajevo, Bosnia
    #11
    It will not wipe your iPhone unless you turn it on in settings.
     
  12. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #12
    Did that apply the same way to both passcodes and passwords before? And now it's different in some way?
     
  13. ominx macrumors 6502

    Joined:
    Jun 23, 2010
    #13
    I'm not sure actually. I only changed to a password with iOS 7.
     
  14. GreyOS macrumors 68030

    GreyOS

    Joined:
    Apr 12, 2012
    #14
    You don't always have the option to turn it off as some Exchange accounts enforce it.
     
  15. campingsk8er macrumors 6502

    Joined:
    Feb 4, 2011
    Location:
    Elizabethtown, PA
    #15
    It's been this way the entire Beta process (from Beta 1 all the way to the GM now). The only thing that is different between iOS 7 lock process and pre-iOS 6 is that before, you would get locked out for 1 minute after 10 wrong attempts, and then for each successive attempt, it would go to 5 mins, 15 mins, 60 mins, and then I don't know what. I never pushed it past that. In iOS7, after like 8 wrong attempts, you're locked out for about a minute and it just keeps repeating that. I'm not trying to compare at all, but Android is like this as well.
     
  16. PNutts macrumors 601

    PNutts

    Joined:
    Jul 24, 2008
    Location:
    Pacific Northwest, US
    #16
    What security flaw like the pincode problem are you referring to? I haven't heard of anything and want to know what the risk is. Thx.
     
  17. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #17
    Actually it was after 5 (or essentially 6) attempts in iOS 6 and before, as mentioned in the link posted earlier in the thread: http://cinnamonthoughts.org/2010/09/13/ios-passcode-waiting-intervals-for-failed-attempts/
     
  18. Armen macrumors 604

    Armen

    Joined:
    Apr 30, 2013
    Location:
    127.0.0.1
    #18
    Are you not following this thread? OP says you can try to enter a pin code 10 times in a row with no duration increase in attempts. If you set your 10th fail = wipe..a random person can pick up your phone and fail the pin 10 times and wipe it in under a minute.
     
  19. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #19
    I definitely got locked out at least on the 8th attempt.
     
  20. adnbek thread starter macrumors 65816

    adnbek

    Joined:
    Oct 22, 2011
    Location:
    Montreal, Quebec
    #20
    Simple passcode in my case.

    ----------

    Thanks, we know this. And it's irrelevant.
     
  21. Armen macrumors 604

    Armen

    Joined:
    Apr 30, 2013
    Location:
    127.0.0.1
    #21
    What duration between attempts? It's supposed to be:

    1min
    5min
    15min
    30min
    1 hour.
     
  22. C DM, Sep 11, 2013
    Last edited: Sep 11, 2013

    C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #22
    Just tried it again with a simple passcode and it took over 10 attempts to get it to come up. However, I realized that in order to test this quickly I entered the same wrong passcode a number of times, so now I'm thinking maybe it's actually based not on just absolute count of attempts, but on the count of unique attempts--so basically different passcodes. Going to try this in a bit again with each one being a different passcode to see if that makes a difference.

    ----------

    After the 8th attempt that time, since this was the first lockout, I got locked out for what seems like 1 minute (no information was actually available as to the length of the lockout, but it was back to normal in about a minute). Just got locked out a second time and it was for 5 minutes (again, without any time information actually displayed). So the intervals seem to be about the same (at least the first ones).
     
  23. kultschar macrumors 6502a

    Joined:
    Mar 26, 2010
    #23
    Did I not read somewhere that thieves will no longer be able to wipe phones e.g. you can only wipe with authorisation etc on iOS7 or was that only on new iPhone?
     
  24. Armen macrumors 604

    Armen

    Joined:
    Apr 30, 2013
    Location:
    127.0.0.1
    #24
    Ya see that's not working properly. The first lockout after a failed attempt is 1min before you can try again. Enter your pin wrong 3 times in a row there and your next try is in 5 minutes...then 10 minutes...then 30 minutes..eventually I think it's 24 hours.
     
  25. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #25
    OK, just tried it again with unique different passcodes, after entering the 5th one wrong the phone got disabled for 1 minute. Attempted to enter a wrong password again, and right after the 1st wrong attempt the phone got disabled again (looks like for the longer 5 minutes this time).

    It looks like this feature is still working correctly, although perhaps was updated to only account for actual different unique attempts (since repeating the same passcode doesn't really help you break in), if that wasn't working like that before.
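
A small model of the behaviour described in post #25, added here as an illustration; it is not code from the thread or from Apple. The thresholds (first lockout at the 5th unique wrong code, delays of 1, 5, 15 and 60 minutes, erase at 10) are taken from the posts above as assumptions about the policy, and the class and function names are hypothetical. It shows why repeating one wrong code never trips the lockout, and how long an "Erase after 10 failed attempts" wipe takes once the escalating delays apply.

```python
import hashlib, hmac, os

FIRST_LOCKOUT_AT = 5          # unique wrong codes before the first lockout (post #25)
DELAYS_MIN = [1, 5, 15, 60]   # escalation reported in post #15 (assumed, then held at 60)
ERASE_AT = 10                 # "Erase after 10 failed attempts"

class PasscodeThrottle:
    def __init__(self, passcode, erase_enabled=False, count_unique=True):
        self._salt = os.urandom(16)
        self._good = self._digest(passcode)
        self.erase_enabled, self.count_unique = erase_enabled, count_unique
        self._seen = set()    # salted digests of wrong codes already counted
        self.failures, self.locked_until, self.erased = 0, 0.0, False

    def _digest(self, code):
        return hashlib.sha256(self._salt + code.encode()).digest()

    def attempt(self, code, now):
        """Return 'ok', 'wrong', 'disabled' or 'erased' for a try at time `now` (seconds)."""
        if self.erased:
            return "erased"
        if now < self.locked_until:
            return "disabled"             # tries during a lockout are ignored
        d = self._digest(code)
        if hmac.compare_digest(d, self._good):
            self.failures = 0
            self._seen.clear()
            return "ok"
        if self.count_unique and d in self._seen:
            return "wrong"                # repeat of a known-bad code: not counted
        self._seen.add(d)
        self.failures += 1
        if self.erase_enabled and self.failures >= ERASE_AT:
            self.erased = True
            return "erased"
        step = self.failures - FIRST_LOCKOUT_AT
        if step < 0:
            return "wrong"
        minutes = DELAYS_MIN[min(step, len(DELAYS_MIN) - 1)]
        self.locked_until = now + minutes * 60
        return "disabled"

def seconds_until_erase(throttle, guesses):
    """Enter guesses as fast as the throttle allows; elapsed seconds at erase, else None."""
    now = 0.0
    for g in guesses:
        now = max(now, throttle.locked_until)   # wait out any active lockout
        if throttle.attempt(g, now) == "erased":
            return now
    return None
```

With the constructed passcode "4821" and ten distinct wrong codes, the wipe lands after 8460 seconds (141 minutes) rather than within a minute; fifteen repeats of the same wrong code count as a single failure.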
     
