“The privacy standard-bearer of the tech industry said it will change the default settings in the iPhone operating system to cut off communication through the USB port when the phone has not been unlocked in the past hour,” Menn reports. “That port is how machines made by forensic companies GrayShift, Cellebrite and others connect and get around the security provisions that limit how many password guesses can be made before the device freezes them out or erases data.”
“Apple representatives said the change in settings will protect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than under U.S. law. They also noted that criminals, spies and unscrupulous people often can use the same techniques to extract sensitive information from a phone. Some of the methods most prized by intelligence agencies have been leaked on the internet,” Menn reports. “‘We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,’ Apple said in a prepared statement. ‘We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.'”
“With the new settings, police or hackers will typically have an hour or less to get a phone to a cracking machine. In practical terms, that could cut access by as much as 90 percent, security researchers estimate,” Menn reports. “In theory, the change could also spur sales of cracking devices, as law enforcement looks to get more forensic machines closer to where seizures occur. Either way, researchers and police vendors will find new ways to break into phones, and Apple will then look to patch those vulnerabilities.”
Read more in the full article here.
MacDailyNews Take: There’s a big, big hole sealed shut!
Use long, alphanumeric passwords and, even if there is a GrayKey box on every corner, your data will remain secure.
Use at least seven characters – even longer is better – and mix numbers, letters, and symbols.
To change your password in iOS:
Settings > Face ID & Passcodes > Change Passcode > Passcode Options: Custom Alphanumeric Code
Apple’s iOS 11.4 update with ‘USB Restricted Mode’ may defeat GrayKey, Cellebrite forensic tools – May 8, 2018
GrayKey box can guess a six-digit iPhone password in 11 hours on average – April 16, 2018
Police around the U.S. can now unlock iPhones – April 12, 2018
Law enforcement uses ‘GrayKey’ box to unlock iPhones – March 16, 2018
The man who wrote those password rules has a new tip: N3v$r M1^d! – August 8, 2017