High-level protection that iPhone users provide encryption algorithms and biometric scanners, pales in the background – not afraid of the word vulnerability, years existent in iOS. What is the point to talk about security Face ID, allegedly erring one time in a million, if you can bypass the passcode, which most users consists of four digits. What are you talking about, read the analysis from blackget.com.

Earlier this week we talked about how to access the saved passwords in “keychain” in the memory of your iPhone. As expected, this information is protected by using biometrics or password, which is used not protective combination of Apple ID and the passcode you use to unlock the phone if the fingerprint is not read or he does not know you in person. Many users “pass” by this feature, and are not even aware that she is one of the biggest vulnerabilities in the entire history of iOS.

Security iPhone — at the level of the first models

“What we see is very similar to the “hole” in the security system, — says Renat Grishin, chief editor blackget.com. – Because, in fact, access to key operating system partition that contains the critical information opens a combination that can spy on anyone. It is unclear what would be the point of Touch ID and Face ID if you can turn them off and enter the four-digit code, which is used by the vast majority. So sensitive data must be protected with a password from Apple ID”.

But the dependence on iOS from a four-digit passcode is much stronger than it might seem at first glance. Further analysis of OS has shown that it can help you to hack Apple ID. For this, we turn to the section with your account settings, find the option “Find my iPhone” and try to disable it. Of course, the system asks you to confirm the action by entering password from the Apple ID, but you can always pretend that we forgot the combination and modify it using the code password. Thus at any stage the system will not ask you any confirmation email or answers to test questions.

What are the dangers of disabling Find my iPhone

But if I disable “Find my iPhone”, you have complete carte Blanche, especially if it is made by the attacker. Now he can easily detach the phone from the account and do what you want with it, because no block or to locate you as the owner will no longer be able.

It is a shame that, by and large, all the iPhone’s security is tied to a four-digit password. Of course, you can complicate it by increasing the number of characters to 50, but in this case, each time when your smartphone doesn’t recognize your face or can’t recognize the fingerprint, you will have to get a protective combination. So the only logical solution to the problem should be used to protect sensitive information password from Apple ID that it would be impossible to change by entering the passcode.

Advertisements