iOS 9: Apple Introduces 6 Digit Passcodes, Stronger Encryption and Brute Force Prevention

3

Apple is taking their security to the next level, making it significantly harder for hackers to break into iPhones with the bundle of new features jam packed in iOS 9.

Following Apple’s announcement on iOS 9, the company has said they’ve clipped their four digit passcode for a more secure option, a new and improved six digit passcode lock.

Since Apple’s initial roll out of iOS 8 back in 2014, iPhones have been automatically encrypted the default. Essentially putting the encryption keys in the hands of Apple customers, safely out of the hands of Apple and the government. This move was in part to the Snowden leaks, when Apple was caught cooperating with the massive NSA dragnet surveillance program, PRISM. Meaning if your device was compromised or stolen, hackers could plug it right into their computer and download all of the data off of it, however, the data would be useless as it’s scrambled and encrypted.

Apple’s latest update is crushing one of their longest lasting features, the 4 digit passcode. Currently, with Apple’s 4 digit passcode, there are only 10,000 possible combinations for each device before it can be unlocked. To see how it works, simply bumping the passcode up to eight letters, all lowercase, would bring forward hundreds of millions of possible combinations. Apple’s 6 digit passcode will bring forward a new set of security, allowing there to be over one million possible combinations.

In short, four digit numeric passcodes aren’t very secure and are weak against brute force attacks, a method where attackers rapidly test username and password combinations to find the correct code. Apple has hindered brute force attacks thus far, but a simple IP-BOX that can be picked up for roughly $180 can crack nearly any iPhone in just a few hours.

Apple’s latest change with their 2 digit increase puts the number of possible combinations from 10,000 to a staggering one million, drastically increasing the amount of hours needed to break into an iPhone.

Apple said their new 6-digit passcode technology is extremely secure, writing:

“The passcodes you use on your Touch ID–enabled iPhone and iPad will now have six digits instead of four. If you use Touch ID, it’s a change you’ll hardly notice. But with one million possible combinations — instead of 10,000 — your passcode will be a lot tougher to crack.”

However, Apple’s new and improved security will likely intimidate law enforcement, who already claims Apple and Google’s current encryption policies hinder law enforcement and aid criminals, which is absurd and wildly untrue. Authorities have yet to publicly comment on Apple’s decision to enhance security, but with their past comments, we can be sure law enforcement won’t be happy.

Both Apple and security experts have come together agreeing that tech is essential to our daily lives and needs to be properly secured. Apple’s CEO, Tim Cook, said during a recent event that agencies attempts to undermine encryption are “incredibly dangerous” and that “people have a fundamental right to privacy.”

While Apple is putting the data back in the hands of the user, intelligence and law enforcement agencies are running rampant with complaints, but without taking legal action, Apple customers will finally be getting the privacy they deserve.

About Author

Brandon Stosh is the founder and CEO of www.freedomhacker.net. Stosh is a cyber security researcher and professional consultant who strives to provide reliable news on cyber-security based topics.

3 Comments

  1. Is there anyway right now to track and see everything coming from external ports into the ANDROID (and IPHONE) and going out to external ports for same. I want to see everything telnet, http, — in short everything.

    • I do not believe such is possible for iPhone, but it may be possible for Android. I know if the iPhone is set correctly on the computer you can gain backend access, but not sure about tracking every port. I have personally never tested it out, but if you come across any solutions, please let us know.

Leave A Reply

Send this to friend