iOS10 passwords can be cracked much more easily

Friday September 23, 2016

Feature head image

UPDATE: Apple has issued the following statement: “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update.”

___________________

Security software firm Elcomsoft reports that a weakness in iOS 10’s backup procedure means that iOS passwords can be discovered approximately 2,500 times faster compared to previous iOS releases.

A brute force attack combined with its own “smart attacks” running over the space of two days gives an 80 to 90 percent chance of successful password extraction from an iOS 10 iTunes backup, Elcomsoft says.

The weakness lies in a new backup protection mechanism applied to iOS 10 device backups made using iTunes. The new mechanism introduced by Apple with the OS update allegedly skips certain vital security checks that ordinarily slow brute-force password attacks, in which a huge number of guesses are attempted in order to discover a password.

Notably, the weakness does not apply to backups made online via iCloud, which remain as secure as they ever were.

Although Elcomsoft has not yet refined its Phone Breaker app used in the new attack, in that it doesn’t yet leverage the power of a GPU for this particular attack vector, they are currently reporting the following speeds in brute-force password guessing attempts:

iOS 9 (CPU): 2,400 passwords per second (Intel i5)

iOS 9 (GPU): 150,000 passwords per second (NVIDIA GTX 1080)

iOS 10 (CPU): 6,000,000 passwords per second (Intel i5)

There’s little doubt that Apple will patch the weakness in a future iOS 10 update, and additionally the requirement to have physical access to a backup file created by iTunes means the attack is unlikely to see widespread use by hackers. However, for law enforcement agencies able to impound computers and devices the new vulnerability is something of a gift.

Main feature illustration


,

Leave a comment...

---

How to get a black (transparent) dock for your jet/matte black iPhone 7

Thursday September 22, 2016

Feature head image

Want to go completely black on the home screen of your new jet black or matte black iPhone 7? Here’s how.

  1. Visit this link in Safari on your iPhone (other browsers won’t work!), which will show a single black pixel. It’ll be too small to see, but don’t worry about that. Just click the Share button at the bottom, and then the Save Image option.
  2. Open Photos on your iPhone and then select to view the image, which will appear as a large black square.
  3. Tap the Share button and select to Use As Wallpaper. Select the Still option, and then tap the Set button. Select to use it for your Home screen only.
  4. The above steps might be all you need but if the Dock still appears as a gray bar, open the Settings app, and then tap General > Accessibility > Increase Contrast. Tap the Reduce Transparency switch so that it’s turned off.

Incidentally, DO NOT try this on a Mac! Within OS X El Capitan there was a nasty bug whereby a 1×1 pixel wallpaper such as this will cause the Dock to entirely disappear – as in quit, and not start-up again. I’ve no idea if this has been fixed yet – I filed a bug report with Apple (#26032473) – but I don’t want to try it again on macOS Sierra to see what happens because it’s a PITA to fix!

Main feature illustration


,

Leave a comment...

---

How to play ANY video picture-in-picture on macOS Sierra

Thursday September 22, 2016

Feature head image

Picture-in-picture is a new feature in macOS Sierra in which you can send a video to a corner of the screen, where it’ll remain playing “on top” of other windows while you carry on with other tasks in other apps. Yet, amazingly, picture-in-picture is only available in the Safari web browser (or if you import the movie into iTunes, which isn’t always desirable).

If you use the QuickTime Player app, you DON’T get access to picture-in-picture.

God knows why Apple imposed this limitation but the solution is simple if you want to quickly play a video file on your hard disk using picture-in-picture – just open a new tab in Safari, then drag the file on top of the address bar until the cursor turns into a green plus symbol. The video will start playing within Safari and you can then right-click it to select the picture-in-picture option.

This will only work with video files that macOS natively understands, which is pretty much limited to MP4. You can always convert video files in other formats via the superb Adapter.

Main feature illustration


,

Leave a comment...

---

The iPhone 7 Plus telephoto lens switches off in low light

Wednesday September 21, 2016

Feature head image

Did you know that the iPhone 7 Plus’ much-vaunted second telephoto lens will NOT activate if there isn’t sufficient light? This includes indoor locations with artificial lighting where there you might think there’s more than enough illumination.

Don’t believe me? Take a look at the video below where YouTuber Martin Keen proves it and explains why (the telephoto lens has a smaller aperture, so just can’t handle lower-light situations, while the wide-angle lens alongside has a sufficiently wide aperture).

In other words, tapping the 2x zoom button on the iPhone 7 Plus will only digitally zoom in unless you’re outdoors – or unless you’re in a particularly brightly-lit indoor location. Image quality will therefore be reduced significantly.

Apple kept quiet about that one, didn’t they?


,

Leave a comment...

---

◀︎ Older /
Recently on MKF