Resolved Passcode failed attempts, scary!

PNutts · Sep 11, 2013

Armen said:
Are you not following this thread? OP says you can try to enter a pin code 10 times in a row with no duration increase in attempts. If you set your 10th fail = wipe..a random person can pick up your phone and fail the pin 10 times and wipe it in under a minute.

Take the attitude down a notch. What you describe is not a security flaw. It's how it works now. Is it a bug? Maybe. Is it desirable? No. My guess it has something to do with Touch ID. Other folks are reporting there are delays so it's premature to talk about emergency patches.

In the security realm once you've lost physical control of a device then almost anything is possible. For this issue, until it's understood I recommend a current iTunes and / or iCloud backup.

Heck, tonight I might even try it with wipe turned on. Restores don't take long.

Armen · Sep 11, 2013

PNutts said:
Take the attitude down a notch. What you describe is not a security flaw. It's how it works now. Is it a bug? Maybe. Is it desirable? No. My guess it has something to do with Touch ID. Other folks are reporting there are delays so it's premature to talk about emergency patches.

In the security realm once you've lost physical control of a device then almost anything is possible. For this issue, until it's understood I recommend a current iTunes and / or iCloud backup.

Heck, tonight I might even try it with wipe turned on. Restores don't take long.

my apology for the attitude. This bug does give a would be thief or unauthorized person multiple shots at the pin code without having to wait X amount of minutes between failed attempts.

C DM · Sep 11, 2013

Armen said:
my apology for the attitude. This bug does give a would be thief or unauthorized person multiple shots at the pin code without having to wait X amount of minutes between failed attempts.

Seems like the bug isn't there based on my testing.

adnbek · Sep 11, 2013

C DM said:
Just tried it again with a simple passcode and it took over 10 attempts to get it to come up. However, I realized that in order to test this quickly I entered the same wrong passcode a number of times, so now I'm thinking maybe it's actually based not on just absolute count of attempts, but on the count of unique attempts--so basically different passcodes. Going to try this in a bit again with each one being a different passcode to see if that makes a difference.

Hey, you're right! No wonder it wasn't working. So in iOS7 it disregards multiple attempts of the same passcode. Unique attempts did disable my phone at the right intervals and after the right number of times. Awesome catch!

Now I wanna test if if it disregards duplicate attempts even if not done in succession. That, hopefully, it does not do. Better to slow a thief down as much as possible I say.

PNutts · Sep 11, 2013

Armen said:
my apology for the attitude. This bug does give a would be thief or unauthorized person multiple shots at the pin code without having to wait X amount of minutes between failed attempts.

No worries. Agreed, a four digit pin with no erase and no delay is no protection at all. Might as well not even have one.

C DM said:
Seems like the bug isn't there based on my testing.

Same here. iPhone 5 iOS 7 GM, simple PIN, erase after 10 attempts turned on, updated from iOS 6.1.4 to iOS 7 GM. Sunny and 90 degrees.

Sixth attempt disabled the phone for 1 minute. The seventh attempt disabled it for five minutes. I didn't want to disable it longer than that.

So let's keep talking about it. What did the OP do that didn't activate the delays? Maybe there is a bug in there somewheres but it doesn't affect everyone.

Edit: Oops. The solution was posted while I was testing and typing.

adnbek · Sep 11, 2013

C DM said:
OK, just tried it again with unique different passcodes, after entering the 5th one wrong the phone got disabled for 1 minute. Attempted to enter a wrong password again, and right after the 1st wrong attempt the phone got disabled again (looks like for the longer 5 minutes this time).

It looks like this feature is still working correctly, although perhaps was updated to only account for actual different unique attempts (since repeating the same passcode doesn't really help you break in), if that wasn't working like that before.

Yep. Confirmed on my end too.

I hope though that duplicate attempts not done in succession are still counted. Say I try 0000 then 1023, then again 0000. It SHOULD count 0000 twice anyway. Better it get disabled faster as someone going by brute force may still input identical codes but not necessarily in succession.

C DM · Sep 11, 2013

adnbek said:
Hey, you're right! No wonder it wasn't working. So in iOS7 it disregards multiple attempts of the same passcode. Unique attempts did disable my phone at the right intervals and after the right number of times. Awesome catch!

Now I wanna test if if it disregards duplicate attempts even if not done in succession. That, hopefully, it does not do. Better to slow a thief down as much as possible I say.

I believe it might disregard them even if not in succession. Realistically, if it's the same previously attempted code, it doesn't really give an advantage if it's tried multiple times, in succession or not, so not counting it more than once doesn't seem like a big deal as far as it won't really help in cracking the code and open the phone.

I think having the thief enter the same thing many times would likely be enough of a slow-down making the thief that much more frustrated that so many attempts (the duplicates of which are totally unnecessary) are still not going through and wasting his/her time.

adnbek · Sep 11, 2013

C DM said:
I believe it might disregard them even if not in succession. Realistically, if it's the same previously attempted code, it doesn't really give an advantage if it's tried multiple times, in succession or not, so not counting it more than once doesn't seem like a big deal as far as it won't really help in cracking the code and open the phone.

I think having the thief enter the same thing many times would likely be enough of a slow-down making the thief that much more frustrated that so many attempts (the duplicates of which are totally unnecessary) are still not going through and wasting his/her time.

I disagree and thankfully so does Apple.

Duplicate attempts not in succession are still counted. Just tested by using 0000, and repeating 0000 in between unique attempts. Still disables after the 6th.

I'd rather they be locked out more often than not. Bigger waste of time for them that they get locked out faster rather than slower.

C DM · Sep 11, 2013

adnbek said:
I disagree and thankfully so does Apple. Duplicate attempts not in succession are still counted. Just tested by using 0000, and repeating 0000 in between unique attempts. Still disables after the 6th.

I'd rather they be locked out more often than not. Bigger waste of time for them that they get locked out faster rather than slower.

Well, I'd be good with it either way, so that works. :apple:

GreyOS · Sep 12, 2013

Ok so only unique attempts count towards the 6 which lead to it being temporarily disabled.

Is anyone willing to confirm if it's only unique attempts which count towards the 10 which erase data?

Topher227 · Sep 12, 2013

Edit: Maybe I should actually read the whole thread before posting...

https://forums.macrumors.com/threads/1616719/

I guess this is more of a FEATURE than a bug? I didn't realize Apple was pulling a Sony here.

Search

Search

Resolved Passcode failed attempts, scary!

PNutts

macrumors 601

Armen

macrumors 604

C DM

macrumors Sandy Bridge

adnbek

macrumors 68000

PNutts

macrumors 601

adnbek

macrumors 68000

C DM

macrumors Sandy Bridge

adnbek

macrumors 68000

C DM

macrumors Sandy Bridge

GreyOS

macrumors 68040

Topher227

macrumors regular

Our Staff