hackproof your iphone

Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device
Friday, February 19, 2016 Swati Khandelwal

Here's How to Hack-Proof your iOS Device fro Unlock iPhone
Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C by one of the terrorists in the San Bernardino mass shootings that killed 14 and injured 24 in December.
The FBI knows that it can not bypass the encryption on the iPhone, but it very well knows that Apple can make a way out that could help them try more than 10 PINs on the dead shooter's iPhone without getting the device's data self-destructed.
Although Apple refused to comply with the court order and has always claimed its inability to unlock phones anymore, the FBI so cleverly proved that Apple does have a technical way to help feds access data on a locked iOS device.
And this is the first time when Apple has not denied that it can not unlock iPhones, rather it simply refused to build the FBI a Backdoor for the iPhone, in an attempt to maintain its users trust.




So, now we know that Apple is not doing so, but it has the ability to do so.
Now, when you know there are chances that your unlocked iPhone can be accessed by the government even if you have enabled "Auto-Destruct Mode" security feature on your device, you need to protect your iPhone beyond just 4/6-digit passcode.
How to Hack-Proof your iPhone?
Yes, it is possible for you to protect yourself from government snooping just by setting a strong passcode on your iPhone — passcode that the FBI or any government agency would not be able to crack even if they get iPhone backdoor from Apple.
Without wasting much of your time, here's one simple solution:
Simply Set at least random 11-digit numeric passcode for your iPhone.
Here's why (FBI Can't Crack It):
There is only one way, i.e. Brute Force attack, to crack your iPhone passcode. This is what the FBI is demanding from Apple to create a special version of iOS that increases the brute force attempts and ignores the data erasure setting.
iPhones intentionally encrypt its device's data in such a way that one attempt takes about 80 milliseconds, according to Apple.


So, if your iPhone is using a 6-digit passcode and there are 1 Million possible combinations as a whole, it would take maximum time of 22 hours or on average 11 hours to successfully unlock iPhone.
However, if you are using a longer passcode such as a random 11-digit passcode, it will take up to 253 years, and on average 127 years to unlock iPhone.
Doing so will make the FBI or any other agency unable to unlock your iPhone; not unless they have hundreds of years to spare.
To set a strong passcode, click 'Passcode options,' select 'Custom numeric code,' and then enter your new but random passcode.
Things to Avoid While Setting a Passcode
1. Do Not Use a Predictable Passcode: Avoid choosing a predictable string such as your birth dates, phone numbers, or social security numbers, as these are first priorities of attackers to try.
2. Do Not Use iCloud Backups: Avoid using an iCloud backup because doing so will enable the attacker to get a copy of all your iPhone’s data from Apple’s server, where your passcode no longer protects it. This will eliminate the need to guess your passcode.
3. Do Not Use Your Fingerprint: We have seen data breaches that had exposed fingerprints online and also, it is easy to bypass Apple Touch ID Fingerprint scanner. Even fingerprints can be collected from a suspect's corpse. So, using fingerprint security feature could also end up unlocking your iPhone in less time.
So, by choosing a strong passcode, the FBI or any other agency will not be able to unlock your encrypted iPhone, even if they install a vulnerable version of iOS on it.
Warning: You need to remember your passcode, whatever you set, because no one except you would be able to unlock your iPhone. Once you forgot your passcode, there is nothing you can do to get your important data and even access to your iPhone back.

Nice Post

FBI Screwed Up — Police Reset Shooter's Apple ID Passcode that leaves iPhone Data Unrecoverable

apple-id-passcode-reset
Another Surprising Twist in the Apple-FBI Encryption Case: The Apple ID Passcode Changed while the San Bernardino Shooter's iPhone was in Government Custody.
Yes, the Federal Bureau of Investigation (FBI) has been screwed up and left with no option to retrieve data from iPhone that belonged to San Bernardino shooter Syed Farook.
Apple has finally responded to the Department of Justice (DoJ) court filing that attempts to force Apple to comply with an FBI request to help the feds unlock Farook's iPhone, but Apple refused to do so.
According to Apple, the company had been helping feds with the investigation since early January to provide a way to access Farook's iPhone, but the problem is that the feds approached the company after attempting a 'blunder' themselves.
Here's How the FBI Screwed itself
On October 19, 2015, Roughly six weeks before the San Bernardino terrorist attacks, Syed Farook made a last full iCloud backup of his iPhone 5C, which Apple had already provided to the FBI under a court order.
Now the FBI is looking for the data on Farook's phone stored between October 19, 2015, and the date of the attacks on December 12, which has not been yet synced with Farook's iCloud account.
When the FBI approached Apple to help them brute force the passcode without losing data, Apple suggested the feds an alternative way, i.e., Connect Farook's iPhone to the Internet by taking it to a known Wi-Fi range. This way his phone would have automatically backup device data with his iCloud Account.
But the Twist lies here:
Just after the terrorist attacks, an unnamed San Bernardino police official 'Reset the Apple ID Passcode' associated with Farook's iPhone 5C "less than 24 hours after the government took possession of the device" in an attempt to access the data.
Here's the blunder:
By default, resetting the Apple ID password essentially creates an entirely new device ID on an iCloud account that will not automatically sync device data online, until the user manually configures the newly generated Apple ID password within the device settings.
Unfortunately, Farook's iPhone is already LOCKED, and Apple has already refused to provide a backdoor to bypass the device passcode.
So, the authorities are now left with no chance to pull off the data from iCloud even if they take the device to the known Wi-Fi range.
Here's what a senior Apple executive who requested anonymity told BuzzFeed:
The Apple ID passcode linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn't happened, Apple said, a backup of the information the government was seeking may have been accessible…
The executives said the company had been in regular discussions with the government since early January, and that it proposed four different ways to recover the information the government is interested in without building a back door. One of those methods would have involved connecting the phone to a known wifi network.
The statement came just hours after the DoJ criticized Apple's response to the court order.
Possible Alternative Ways to Recover Data
But, there could still be some way out to get the data the FBI needed. One way could be if it is possible for Apple to simply restore the changes made to Farook's iCloud account.
This way the feds could search for known WiFi and get the data automatically synced to the associated iCloud account, unless or until Farook had not turned OFF auto-backup purposely.
Another possible way to recover the data without unlocking the device could be forcefully pushing (if and only if it is possible to install an update without user interaction) an iOS software update to the target device with an additional inbuilt application that will simply auto-backup every file on the system to a third party server.