Compare cert salaries and plan your next career move
tpatt100 wrote: » Well I always thought of a pass code as a way to prevent snooping and to stop those less technical from accessing your phone. I never assumed it was fail proof especially if somebody gets a hold of the actual device.
RobertKaucher wrote: » It's just a 4 digit pin.. A 4 digit numeric pin only has 13 bits of entropy. 10^4 possible combinations... At 10 guesses per second (which is slow), assuming a 50% chance of getting it right before completing half the guesses and no lockout, you are looking at a hack in an average of 8 minutes or so. But this hack is pretty cool. What sort of lockout policy does an iOS device have?
tpatt100 wrote: » It has an option to enable stronger pass codes and after a number of attempts it disables the device temporarily. I need to check my Android phone to see what options I have on there come to think of it...
powerfool wrote: » Well, I think this technique is bypassing the system load. For that matter, if it is bypassing the iOS load, why even bother with cracking the PIN? Just copy the data off... They cannot possibly be using the PIN for full-disk encryption... it loads up without the PIN.
After bypassing the iPhone’s security restrictions to run its code on the phone, the tool “brute forces” the phone’s password, guessing every possible combination of numbers to find the correct code, as Dickinson describes it. In the video above, the process takes seconds. (Although admittedly, the phone’s example passcode is “0000″, about the most easily-guessed password possible.) Dicksinson acknowledges that users who set longer passcodes for devices can in fact make the devices far tougher to crack. “The more complex the password, the longer and harder it’s going to be to access the phone,” he says. “In some cases, it takes so long to brute force that it’s not worth doing it.”
tpatt100 wrote: » The person in the article says So doesn't it sound just like a brute force attack for the passcode? The vulnerability is just the lack of complexity of using four choices?
RobertKaucher wrote: » My understanding is that they are getting the hash of the pin and brute forcing it from there so that the phone can be unlocked. It seems like they already have access to the data, they are just getting the unhashed version of the pin for convenience's sake to allow the "attacker" to open the phone.
erpadmin wrote: » Has an application been developed that could encrypt the entire device (iOS or Android) that would defeat this exploit? If not, then I see a potential app coming....
tpatt100 wrote: » Is it just me but does that not sound logical? I mean that is like a burglar getting access to the inside of my house just so they can look for a spare key I might have laying around?
DevilWAH wrote: » no it can't be. becasue the password hash its self cant be further encrypted (apart from the standard manafactures OS ) as the OS needs to read it to compare it against the one you enter. there are various methods to try hide it and I am sure the manafactures do protect it in some fashion. But it will always be in the same way, so as soon as you break it on one phone, all other phones will be the same. This is the basic principle of jailbreaking devices or cracking DVD/Blueray keys. They are static methods so once broken they are hard to lock down again. Do you not think if there was a way to protect against them I think it would long ago been implemented by every manufacture under the sun.
Compare salaries for top cybersecurity certifications. Free download for TechExams community.
