Four-Digit Passwords Fail to Bolster iOS 8 Data Encryption Strength
Summary
Strong passwords are vital to Apple’s revised encryption strategy in iOS 8, says a
fellow from Princeton University. The new scheme depends on users choosing a strong
password, which they rarely do.
Passwords Still a Weak Point
Apple bolstered encryption in its latest iOS to protect more important data and to employ more
protections within the hardware, making that data more difficult to access.
The new system has worried the FBI, which caused an uproar by saying it may make it tougher for law
enforcement to get information from a device, since Apple has no access to it. Despite the
new security, information is still vulnerable in certain situations.
Users of iPhones with simple passwords have no adequate protection against a powerful hacker who
could start guessing the password with the help of the phone's cryptographic processor.
If an iPhone is seized while it is turned off, it is unlikely that keys can be obtained from the
“Secure Enclave,” the cryptographic co-processor that does the heavy lifting for encryption.
But if a hacker can boot the smartphone and gain access to the Secure Enclave, it becomes possible to
start guessing passwords in a brute-force attack, and that is where the actual weakness lies.
Obtaining information from the iPhone hinges on a hacker's ability to bypass the complex “secure
boot” sequence of an iOS 8 device. Security experts assume that the sequence can be thwarted by
finding a security gap, by stealing Apple's key for alternate code, or by pressuring Apple into doing so.
If that is possible, then a hacker can begin guessing passwords against the Secure Enclave.
According to Apple’s documentation, such guesses could be made at a rate of either 1 guess every
five seconds (slower rate) or 12 guesses per second (faster rate).
Apple users, by default, are asked to set a simple password that is a 4-digit PIN, although users can
set longer passwords.
If a hacker can guess the 4-digit password at 12 per second, the entire space of 10,000 possible
PIN combinations can be guessed in 13 minutes (faster rate), or 14 hours (slower rate).
Slowing down the rate at which passwords can be entered would only annoy users.
Limiting the number of incorrect guesses and then erasing the phone’s data could be an alternative, but
that would require warning users that guessing would risk blanking their phone completely. Even
users opting for longer passwords are still at risk.
It is highly unlikely that users will set stronger passwords to secure their iPhones than they set for
online service accounts, since keying passwords on a touchscreen is annoying.
The best possible advice is to set a password that is either a 12-digit random number or a
9-character string of lower-case letters.
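The guess-rate figures and the length advice above can be checked with a short calculation. This Python sketch is an added example, not from the original article; the 1,000-year target is an assumption chosen for illustration, and the results hold only for passcodes chosen uniformly at random.

```python
# Guess rates quoted in the article (attributed there to Apple's documentation).
SLOW_RATE = 1 / 5   # guesses per second: one guess every five seconds
FAST_RATE = 12.0    # guesses per second
YEAR = 365.25 * 86400

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of exactly `length` symbols."""
    return alphabet_size ** length

def exhaust_seconds(alphabet_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every passcode at `rate` guesses per second."""
    return keyspace(alphabet_size, length) / rate

def min_length(alphabet_size: int, target_seconds: float, rate: float) -> int:
    """Shortest random passcode whose full search takes at least target_seconds."""
    length = 1
    while exhaust_seconds(alphabet_size, length, rate) < target_seconds:
        length += 1
    return length

def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

# Passcode formats discussed in the article: (label, alphabet size, length).
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("12-digit random number", 10, 12),
    ("9 lower-case letters", 26, 9),
]

def report() -> list:
    """One row per policy: label, keyspace, time at fast rate, time at slow rate."""
    return [(label, keyspace(a, n),
             human(exhaust_seconds(a, n, FAST_RATE)),
             human(exhaust_seconds(a, n, SLOW_RATE)))
            for label, a, n in POLICIES]

if __name__ == "__main__":
    for row in report():
        print("{:<24} keyspace={:<16,} fast={:<16} slow={}".format(*row))
    # Assumed target: full search must take at least 1,000 years at the fast rate.
    target = 1000 * YEAR
    print("digits needed:", min_length(10, target, FAST_RATE))
    print("lower-case letters needed:", min_length(26, target, FAST_RATE))
```

With the assumed 1,000-year target at the faster rate, the minimum lengths come out to 12 digits or 9 lower-case letters, the same lengths the advice above gives.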
If there is a fear that a device may be seized, such as when crossing international borders, then it is
best to keep it switched off, as that offers the highest level of encryption protection.
More information is available at the link below:
https://blog.whichssl.com/2014/02/hackers-keen-on-attacking-ios-and-android-banking-apps