post

Got an iPhone or iPad? You Need a Better Password NOW

There is a new tool for hacking in to an iOS device (i.e., iPhone or iPad) you should be aware of and why you should change your password NOW…but also make it a strong one.

A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.

According to Matthew Green, assistant professor and cryptographer at John Hopkins Information Security Institute, said on Twitter that GrayKey has an exploit that disables Apple’s passcode-guessing protections (i.e., SEP throttling) AND that a 4-digit passcode can be cracked in as little as 6.5 minutes on average, while a 6-digit passcode can be calculated in roughly 11 hours:

Another Motherboard article emphasized that you should immediately Stop Using 6-Digit iPhone Passcodes and yes, you should.

Why a Long, Secure Password Now?

Security and convenience are always a trade-off. But I’ve set up a password for my devices that, according to this password checker, will take 44 thousand years to crack BUT it is easy for me to remember, and to use, as my iOS “custom alphanumeric code.” This password has numbers, upper/lower case letters, along with a few special characters (e.g., !@#$%^&*()).

Do I have something to hide? Nope. But the reason I lock my front door, have security cameras and alarm system, and don’t invite random people in to dig through my drawers or important-papers in filing cabinets, IS THAT MY STUFF IS *MY* STUFF AND PRIVATE! I intend to keep it that way so I protect the shit out of things I want to keep private AND SECURE.

If you travel outside the U.S. like my wife or I do and come back in with your device, TURN IT OFF. That is because U.S. Customs is increasingly grabbing traveler’s devices and disappearing with them to a back-room, apparently to hook them up to a device to suck off all the data. While this hasn’t yet directly affected U.S. citizens, there is nothing stopping other countries from doing the same thing.

Plus, once all of your data is captured, there are enough cracking resources available to government agencies to be able to take their time to crack your device data they have previously stored. It might take them a year or, after quantum computing becomes a reality (if it isn’t already real) in the next several years, those times to crack may be reduced to minutes instead of days or years.

Police agencies within the United States may also be less adherent to the U.S. Constitution and Bill of Rights when it comes to the gray area surrounding digital search and seizures, even though in 2014, the U.S. Supreme Court addressed two cases, Riley v. California and United States v. Wurie, dealing with cell phones searches and the search incident to arrest exception to the warrant requirement. During searches incident to arrest, the high court has not required warrants under certain circumstances where protecting officer safety and preventing evidence destruction are at issue. For more, read this at FindLaw.

The U.S. Border Patrol also could be in a position to do whatever they damn well please — within 100 miles of the U.S. border — as you can see from this article at the American Civil Liberties Union (ACLU):

Why Can You Do?

About Steve Borsch

I'm CEO of Marketing Directions, Inc., a trend forecasting, consulting and publishing firm in Minnesota. Prior to that I was Vice President, Strategic Alliances at Lawson Software in St. Paul where I was responsible for all partnerships at this major vendor of enterprise resource planning software products and services. Read more about me here unless you're already weary of me telling you how incredible and awesome I am.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 

Why Do I (and why you should) Use SiteGround?

READ THIS PAGE to learn how I finally found "the one" web hosting company which
I can now absolutely endorse and use. Or learn more at SiteGround directly and sign up: