• frazorth
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I would be curious to learn more, as this is a much touted security feature. If it’s that easy to bypass then we need to understand the limitations.

    Do you have any more information on this?

    • dotslashme@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Not an expert in any way, but I would assume it is similar to having physical access to a computer. You would not be able to get into the existing device or retrieve data, but if you have stolen it and just to use the device, there are numerous tools to allow side loading of new blobs, that will bypass any restrictions.

      • 520@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        In theory this is true, in practice the protections Apple puts in place tend to put even games consoles to shame. That plus the quick turnaround of iPhone hardware means by the time it is cracked, it was already obselete

    • 520@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      The usual tactic is to send a phishing text to a number that calls it pretending to be Apple. They then get your Apple ID credentials and use that to unlock the device.

      • frazorth
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        How do you send a phishing text to a phone you have stolen? The owner would either not get the text, or get it via iMessage which the response wouldn’t appear on the stolen phone. I’m not following this tactic, so I’m obviously missing something.

        • 520@kbin.social
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          The owner tries to call the number from another phone, usually a mobile. The hope is that the phone was misplaced and not stolen.

          • frazorth
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            So the owner calls the phone, which is answered by the thief who pretends to be Apple?

            Interesting.

            • 520@kbin.social
              link
              fedilink
              arrow-up
              3
              ·
              edit-2
              1 year ago

              They don’t necessarily have to answer. They can just note the number that appears on-screen and text it later from a different device.

              Usually the next step for the owner is to try get into their Apple ID to access the lost phone functions. That’s where the texts come in.

        • 520@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Exactly. The protections on the iPhone themselves are actually very strong for the time the phone released in. Unless you’ve got NSA-level hardware hackers in your org, this is by far your best bet.

          • smeg
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Very much depends on your threat model. An iPhone is great if you trust Apple with the backdoor to your phone, if not then you’re probably much more secure with GrapheneOS.

            • 520@kbin.social
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              I mean yeah, obviously Apple isn’t going to be able protect you much against a state-sponsored threat with their own private list of zero days, or Apple itself, but right now that’s a small amount of people either are truly interested in fucking over.

    • smeg
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      This is the first article I found (so I don’t know how reliable the software is) but one suggestion is a tool that seems like it just jailbreaks the iPhone and can then remove the lock. So basically find an exploit that allows you to get round the protection.