Protect Your iPhone – How to Avoid Unauthorized Access

The Longer, the Better or How to Protect Your iPhone

We have already written about the GrayKey device that can allegedly crack iPhone passcodes. The maker of it, the mysterious Grayshift company, promises to be able to unlock any iPhone. This pretty much puts an end to the simmering conflict between the FBI and Apple that climaxed during the San Bernardino shooter case.

Since 2014, disk encryption is the default feature on iPhones. This means that while the passcode is safe, so is the data on the phone. To ensure the security of the device, Apple added delays between guesses. After four wrong inputs of a passcode the delay is just one minute, while the ninth guess locks the phone for one hour. The user can even turn on a setting that wipes the phone clean after ten failed attempts.

There were ways to bypass the delays, like disassembling the iPhone but GrayKey managed to find a compact and user-friendly solution. Since one of the Grayshift co-founders worked for Apple previously, the common guess is that they found a jail-break or a zero-day exploit. In other words, they ran into a firmware which previously had undiscovered vulnerability that makes all security measures insignificant. (Still, no comments from Apple!)

So far the device is available to the police only. It would be unwise to think that GrayKey won’t find its way to the underworld or that a hacker won’t be able to copy it.

What can we do to protect our devices then? Tip number one: forget 4-digit and 6-digit passcodes. Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute studied GrayKey and made some calculations. Here are the times passcodes of various complexity take to crack:

• 4-digit code – 6.5-13 minutes
• 6-digit code – 22 hours
• 8-digit code – 46 hours-92 days
• 10-digit code – 12 years-25 years

As you can see, Green is much more pessimistic than the experts from Malwarebytes were about a month ago. You must also keep in mind that Green was studying the numeric codes, while alphanumeric passcodes are much better. A good alphanumeric password should include random letters, numbers and symbols in various combinations.

Fortunately, Apple allows users to pick this option when setting up their passcode. It also set the minimal number of digits at six since TouchID and iOS 9 were introduced in 2015.

To customize your password settings follow these instructions:

• Open your iPhone or iPad;
• Go to Face ID & Passcode or Touch ID & Passcode;
• Select Turn Passcode On;
• Select Passcode Options – you’ll see two options: custom numeric code or custom alphanumeric code. Choose the latter;
• Make up your own passcode and type it into the box;
• Confirm it on the next screen to activate.

If you use the short numeric passcode, we recommend you change it. To do so:

• Open your iPhone or iPad;
• Go to Face ID & Passcode or Touch ID & Passcode;
• Enter your passcode and select Change Passcode;
• Enter your passcode once more and select Passcode Options;
• Select Custom Alphanumeric Code;
• Confirm it on the next screen to activate.

Well, and here come a few tips if you ask yourself how to make a unique passcode for your iPhone and tips on how to remember it.

Links:

• Small mobile security tips to help you browse the net safer
• MAMI malware strucks MacOS