The FBI has found a way to unlock the iPhone of the San Bernardino gunman without Apple’s help. As this development confirms that there is a vulnerability “in the wild” that Apple does not know about, there is a risk that hackers may exploit it. Paul Henry, IT Security Consultant for the Blancco Technology Group, has therefore studied how Apple’s security was likely bypassed and provided the following advice to iPhone users looking to minimise their exposure to this threat.
Paul Henry, IT Security Consultant, Blancco Technology Group:
While we do not know the exact technical details of exactly how the lockout mechanism was bypassed, we do know that a brute-force guess of the passcode was performed. Hence, it would be prudent for any iPhone user to make brute-forcing the passcode, at a minimum, “more” difficult for a would-be bad guy by following the following recommendations to strengthen their iOS security:
- Users should turn on passcode to protect their devices.
- Users should use a 6-digit passcode – they should not use a 4-digit numeric passcode because it can be cracked with a brute-force attack. With a 6-digit passcode, there are one million possible combinations (instead of 10,000 for a 4-digit passcode).
- Users should use the ‘Erase Data’ option in the passcode settings of their iOS devices. This ensures that the phone will be wiped after 10 failed attempts to crack the code.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.