Hi Sieghard,
It's good to see you around. I have to disagree with you here, though,
if I may.
First, I am not at all concerned about the passcode being too short and
being forced because of its shortness. If I had anything that needed protection
with a long passcode, it probably shouldn't be on my phone anyway. What renders
the passcode useless is basically tricks like the one posted by the original
poster in this thread. Obviously, that one doesn't work, but there are,
depending on your iOS version, plenty that do. Keep in mind, also, that these
tricks are themselves rendered useless by publicity. That is, if a person knows
how to break the passcode and is dishonest, he would not pass that information
around too publicly in case, as happened in the 7.x series, Apple patched the
hole. The fact that even so, there have been quite a few exploits published and
patched makes me seriously doubt that the passcode system is secure enough to
bother with the inconvenience of even a short code. Personally, if I had
information that I was nervous about on the phone, I would put in a long code
and hope for the best, but wouldn't expect the best, nor would I keep that
information on the phone any longer than absolutely necessary.
As for touch ID, I should say that I have a 5S but use it in a Defender
case for the 5. One of the reasons I do that is because I don't want, under any
circumstance, to use Touch ID. I don't use Touch ID because I don't trust
Apple, I don't trust them not to leak if it's in their interest, I don't trust
them to be smart about how they handle the data, and I don't trust them to be
truthful about appropriate isolation of fingerprint data. Given that changing
the finger print is a bit more difficult than changing a password, using it on
a mobile device is too risky, in my view. I should say that I wouldn't trust
Google or any other phone manufacturer, either, I just think biometric
security, particularly with the fingerprint, is hopelessly unsafe if you don't
design the system yourself, and if you design the system yourself, there goes
the convenience factor.
As for not locking up the car, I don't think one should lock the car to
keep it from being stolen. The point of the lock is to do two things, first, it
keeps the insurance company from complaining that you didn't lock the car, it
is the standard practice, and secondly, it keeps people who for some reason try
the handle with no intent to steal out of the car. As you say, most locks on
cars, and indeed on houses, are broken easily enough.
Finally, I'm not saying the passcode is useless for everyone, just for
me. For example, the passcode may be useful if there are young children in the
house who like to play with the phone, or if there are people in the house or
workplace who want to snoop on the phone and don't want to put effort into it.
The fact that I don't have such impediments doesn't mean that others don't and
that they may not want to use a code. My response was only to the original
poster who seemed surprised that he thought he could avoid the passcode. As it
turns out, his particular example was wrong, but he still shouldn't be
surprised if one day the avoidance is possible, it has been before and I have
no doubt will be again.
Aman
[email protected] [mailto:[email protected]] On Behalf Of Sieghard
Weitzel
Sent: Sunday, April 26, 2015 4:31 PM
To: [email protected]
Subject: RE: Iphones no longer secure
Hi Aman,
I beg to differ, in my opinion enabling passcode and touch Id offers a great
deal of security and if you were concerned about how relatively easy it is to
break a 4-digit passcode, you can always disable simple passcode and use a 8 or
10 digit password with letters, numbers and all that. Touch Id of course makes
it super easy to unlock your iPhone so that the actual passcode is only
required when you reboot your phone which typically is not that often so using
a more difficult passcode may be justified. The main reason why I upgraded from
my 4S to the 5S at the time was Touch Id and even if I don't have very
sensitive data on my phone, I still wouldn't want people to have access to my
contact list, pictures, text messages or emails.
Also, I think there is a difference whether your phone is stolen by somebody
who thinks he can make a few bucks reselling it or by a skilled hacker who
thinks you have information on your phone which warrants an effort of at least
hours or maybe days to try and break into it. I think the chances my phone is
stolen by somebody like that are pretty small. Furthermore, if my phone is
locked with a passcode/Touch Id, somebody who steals it cannot disable Find my
iPhone nearly as easily although I believe even a phone with no security which
has Find my iPhone turned on requires you to enter your Apple Id password when
you try to disable Find my iPhone.
Anyhow, to me using Touch Id if your device supports it is a no brainer even if
you just use it because it's faster and easier to unlock the phone than finding
and double tapping the Unlock button. I have to press the home button even if I
don't have any security enabled so I might as well press it and leave my finger
on it for a second so it unlocks my phone with Touch Id. In some ways not using
it would be like not locking your car because after all, a professional and
skilled auto thief will be able to steal it whether it's locked or not.
Regards,
Sieghard
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Aman Singer
Sent: Sunday, April 26, 2015 11:59 AM
To: [email protected]
Subject: Re: Iphones no longer secure
Hi Jeremy and all,
Around fifteen years ago now, someone at Microsoft wrote something he called
the ten immutable laws of security
https://technet.microsoft.com/library/cc722487.aspx
The whole thing is worth reading, but one of the laws or more accurately
descriptions, says:
Law #3: If a bad guy has unrestricted physical access to your computer, it's
not your computer anymore
A smartphone is nothing more or less than a computer. The passcode/fingerprint
is simply security theatre, it makes things look secure and may be secure
against someone who doesn't have Google, but it is not secure in fact. Once the
phone is in the hands of someone who wants and is willing to bypass the
security, nothing is secure in fact, it only depends on how much trouble the
attacker is willing to go to.
As to this particular method of attack, the user can simply make sure Siri
doesn't work on the lock screen. Again, though, it doesn't much matter, there
are other methods. Keep your phone with you and, in most cases, you need not
worry about physical access without your knowing about it. This is one of the
reasons why I have no passcode on my phone, it offers very little extra
security but does offer an inconvenience when I want to unlock the phone. I do
not keep any secure data on my phone, any data that I object to the public
having access to, simply because the chance of theft is too high and, as we
see, the passcode is not of much use.
Aman
--
The following information is important for all members of the viphone list. All
new members to the this list are moderated by default. If you have any
questions or concerns about the running of this list, or if you feel that a
member's post is inappropriate, please contact the owners or moderators
directly rather than posting on the list itself. The archives for this list can
be searched at http://www.mail-archive.com/[email protected]/.
---
You received this message because you are subscribed to the Google Groups
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/viphone.
For more options, visit https://groups.google.com/d/optout.
--
The following information is important for all members of the viphone list. All
new members to the this list are moderated by default. If you have any
questions or concerns about the running of this list, or if you feel that a
member's post is inappropriate, please contact the owners or moderators
directly rather than posting on the list itself. The archives for this list can
be searched at http://www.mail-archive.com/[email protected]/.
---
You received this message because you are subscribed to the Google Groups
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/viphone.
For more options, visit https://groups.google.com/d/optout.
--
The following information is important for all members of the viphone list. All
new members to the this list are moderated by default. If you have any
questions or concerns about the running of this list, or if you feel that a
member's post is inappropriate, please contact the owners or moderators
directly rather than posting on the list itself. The archives for this list can
be searched at http://www.mail-archive.com/[email protected]/.
---
You received this message because you are subscribed to the Google Groups
"VIPhone" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/viphone.
For more options, visit https://groups.google.com/d/optout.
