
iOS 11 Horror Story: The Rise and Fall of iOS Security - Maakuth
https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/
======
tolien
Prior to iOS 11, the OS would quite often ask for your Apple ID
username/password by showing a popup regardless of whether you were in another
app or Springboard. Since you don’t know what the hell’s prompted that
request, it was noted that this opens a vector for phishing [1] and it
conditions users to blindly put their password into anything that asks.

I wonder if this is an attempt to fix that gone wrong.

1: [https://9to5mac.com/2017/10/10/psa-apple-id-phishing-attempt...](https://9to5mac.com/2017/10/10/psa-apple-id-phishing-attempt/)

~~~
snuxoll
Not a great solution, but if iOS itself is asking for your password pressing
the home button when the dialog is up will be a nop instead of returning you
to the home screen.

~~~
wonderous
Please clarify if “nop” is a typo, slang, etc.

~~~
tomc1985
Why can't people google things anymore?

~~~
Finnucane
What's the National Organic Program got to do with it?

------
djrogers
So the TLDR; is that Apple allows a trusted device (your iPhone) and
PIN/passcode to be the identification required to reset a lost iCloud
password.

I honestly think this is a reasonable security model, as every other 'forgot
password' workflow that I see services use is already vulnerable to my phone
and passcode being in the wrong hands.

Think about the common options here. Apple could send out a reset link via
email, but bad guy already has my email. They could send a verification code
via SMS - oh wait, this is MY PHONE we're talking about. How about they send a
push notification to... never mind.

About 3 seconds worth of thought brings one to the conclusion that with my
phone _and_ pin/passcode, a bad actor could reset the passwords for pretty
much every service I use - it's not just iCloud.

So someone explain to me in non hand-wavy terms how you'd expect this to be
any different/better?

~~~
kbenson
> So someone explain to me in non hand-wavy terms how you'd expect this to be
> any different/better?

From the article:

_Any attempt to change or remove that password must pass through iOS, which
would require to provide the old password first. Forgot the original password?
There’s no going back, you’re stuck with what you have unless you are willing
to factory reset the device and lose all data in the process._

Apparently, there was no password recovery. Now there is, and as a convenience
it even skips the whole email step. This has implications for accessing the
data present on the device, which is the whole point of the article.

~~~
djrogers
I will clarify - I'm referring to the iCloud password reset, not the ability
to create a new backup with a different password. You're rebutting my
arguments about the former with quotes about the latter.

------
dannyw
This article can be summed up as "Apple relaxed the security model so that if
you have physical access with password authentication, you have full access to
everything else".

I don't entirely agree with this - if my iPhone PIN is compromised, I do not
want my 2FA iCloud account to be compromised.

~~~
Accacin
Agree, the old model was fine. I've been using iPhone because IMO it's a more
secure device than the alternative. Surely they could make this an option?

~~~
baldfat
> I've been using iPhone because IMO it's a more secure device than the
> alternative.

There are some alternatives that are absolutely more secure. Now the trade-off
might not be what you want, but the iPhone and iOS aren't the most secure smart
phone available.

[https://www.silentcircle.com/products-and-solutions/devices/](https://www.silentcircle.com/products-and-solutions/devices/)

~~~
X86BSD
Yeah that phone is so NOT secure. Like horribly not secure. I blame
google/android. See:
[https://charlescarrollsociety.com/2016/01/22/silentcircle-bl...](https://charlescarrollsociety.com/2016/01/22/silentcircle-blackphone2-review-privacy-from-whom-part-1/)

Things have not gotten better. So no, there are not alternatives that are
“absolutely more secure.”

~~~
kllrnohj
That link is about privacy, not security, and horribly misunderstands some
fundamental basics. Like that you can disable google applications just fine.
Sure you have to trust the OS to actually disable like it says it will, but
you also have to trust that iOS does what Apple says it does, too. But you
don't have to trust anything Google on that phone.

I think the phone is silly for other reasons, but that link is nonsense and
largely unrelated to the discussion at hand.

------
buildbot
While this is less secure than before, I’m not sure if I agree with their
premise that events such as San Bernardino perpetuated this change. This would
not have helped the FBI decrypt that iPhone if it had been running iOS 11,
since they were not able to effectively guess that phone's 4-digit passcode,
let alone a 6-digit or alphanumeric passcode.

Their entire claim of a horror story relies on having physical access and the
passcode, which would be game over on basically any device anyway.

It does point out a problem with most SMS and app based 2FA systems in that
all accounts that are protected as such essentially rely on your device's
passcode to keep those accounts safe.

~~~
penagwin
I'm still on iOS 10. If you get my PIN code (say you're a friend, you find it
somehow, repair shop - work at one and need the PIN, etc.) then you can't do a
whole lot. You still need my password or thumbprint to buy apps or change
passwords.

In iOS 11 it changes, now you can for example access all passwords in the
keystore. So you know my 4 digit pin for my phone, not to mention my Google
password, Apple iCloud password, etc. Those should not be accessible with just
the access code.

~~~
Razengan
iOS has had 6+ digit codes for a while. You shouldn’t be using just 4.

The way I go is have a long 10-14 digit code, and Face ID/Touch ID saves me
the trouble of having to key it in all the time.

~~~
jackjeff
I have always used an alphanumeric password instead of a PIN. Since Touch ID
my password is really long and complicated. I can’t remember it. I have a
matrix of hex numbers in the phone case to be used as memento to help recreate
the password in case of reboot. Actually two. So I can throw one away and
escape RIPA key disclosure law. The back of the matrix explains you need two,
and if one is missing then there is no way to retrieve the password.

------
fpgaminer
iOS's 2FA model confuses the hell out of me. I'm sure if I sat down and worked
it all out I could figure out what all Apple is using for 2FA on my iDevices,
but I haven't been arsed to do that and it shouldn't be this complicated.

With iOS's 2FA system: I've had to click buttons on other devices. Enter
codes on other devices. Enter codes from other devices. Click links in emails.
Type my passcode on other devices. I just ... don't have a grasp on it at all.

That's not good.

With regards to the backup issues outlined in the article, it's hard to say if
the backup leak is a major issue.

Take the casual user: They won't be making iTunes backups. Most casual users
are probably just doing iCloud backups. In fact, they don't do backups at all;
iCloud backups are automatic so they don't think about it (it just works).

Take the security hard user: They'll have a password instead of a passcode on
the device. So adversaries probably won't get access anyway. Of course, it's
possible they shoulder-skim your password, whereas they probably won't be able
to ever shoulder-skim your backup password. So certainly Apple's change here
_does_ objectively make the system weaker.

It's hard to say if what Apple did here was the right thing. Like I said, I
don't think most casual users are doing iTunes backups, so why even bother
making iTunes backups more user friendly?

Regardless, it could certainly be improved. Maybe require 2FA to reset backup
password?

The issue where you can reset the iCloud password is certainly troubling. It's
a hard issue to balance, as Apple doesn't want to set up a system where the
average user gets locked out of their account because they forgot their
password. But it really shouldn't be possible to take a single iDevice and
password and take over a user's iCloud account.

~~~
kccqzy
Maybe it’s just me but I’ve tried and failed several times to restore an
iCloud backup. A backup isn’t a real backup unless the restoration is tested.
Unfortunately iCloud backups would just never finish restoring for my device,
whereas restoring iTunes backups just works. So I usually set up a recurring
calendar item to remind myself to back up to my computer (which then gets backed
up again using Time Machine and CCC). It’s sad that I have to do this.

~~~
princekolt
They're just very slow, and at least until iOS 10, apps that were in the
"restoring" state displayed no indication of such. I was told by an Apple
retail employee that in most cases WhatsApp was always the last app to finish
restoring, which was exactly the app that was "stuck" for me.

I assume it is because the iPhone is decrypting the backup, but it's just that
it is doing it very slowly for some reason.

------
nowherecat
Haha, this is too funny. I have an iPhone 5s that I encrypted years ago with a
password that I have unfortunately forgotten. Had to start from scratch with
my iPhone 6s, because of this. I stopped updating the 5s, hoping that one day
there will be an exploit that makes it possible to break in and pull the data.
Who would have thought that instead I would be happily upgrading to iOS 11,
because Apple made it a feature.

I know this is bad, but for me it is awesome right now.

~~~
nowherecat
So I reset my forgotten password with this method and now cannot set a new
password. Every time I get

> The password you entered to protect your iPhone backup could not be set.
> Please try again.

What happens then is: the password I set is actually active, because to back up
I have to enter that password - but as soon as I unplug the iPhone and plug it
back in, I can/have to set a new password.

I updated iTunes to the newest version, restarted the iPhone, reset the iPhone
settings multiple times, but I cannot encrypt the backup anymore. Weird.

edit: (the solutions to this problem that google offers did not solve the
problem)

~~~
ma2rten
I would try contacting apple support. They are pretty helpful.

~~~
nowherecat
Seems to be a bug. You set a password, get told that it could not be set, but
then just ignore that dialog because it turns out to be set.

------
sambe
I started skimming towards the end. It sounds like there's some genuine
weakness introduced here. But I'm also getting the impression there's some of
the "security people" mindset Linus was ranting about:

"Forgot the original password? There’s no going back, you’re stuck with what
you have unless you are willing to factory reset the device and lose all data
in the process. If you ask me, this was a perfect and carefully thought
through solution."

I'm not sure how you can consider it a perfect solution that users are losing
their backups and hammering Apple for support about the issue. The suggestion
to make another backup via iCloud is not terribly useful to those who have
lost their phone.

~~~
graeme
The end was the most significant part. They can take over your icloud account
with the _phone_ password.

I don't care much about the phone backups on some secondary devices. I do care
whether those devices can hijack my icloud account with just that phone's pin.

That seems terribly broken, to be able to change icloud without having the
password or without 2FA.

~~~
fauigerzigerk
I agree. The first part about the backup seems like a side show because once
an attacker has logged into the device they already have access to everything
that would be in a device backup (usually).

~~~
dfox
The attacker with physical access to the phone does not have direct access to
the data, only to the UI of applications that use that data, which is often
something significantly different.

------
magnat
Site is down at the moment, archived version available at
[http://archive.is/PtBr6](http://archive.is/PtBr6)

------
Twisell
PS: Actually I was wrong, I just checked and it seems very weird that you can
change the password without a confirmation from another trusted device or
trusted number. Meanwhile, to mitigate the threat a little, you can delete your
mobile phone number from trusted numbers so someone hijacking the SIM card
cannot receive a confirmation code if he puts your SIM card into another phone.

——————-

I don’t really get their point; it’s like if someone told us « Linux has
weakened their threat assessment level, if you got the password of a sudoer
user you can access everything on the system »

The only difference being that it extends to what you put in the cloud. But
losing the passcode on iOS was always the equivalent of giving full admin
rights on the machine.

That’s the whole point of TouchID/FaceID/SecureEnclave: teach users to have a
strong passcode while keeping a smooth UX because they don’t have to type it
regularly.

So yes this is a single point of failure which comes with pros and cons.

- The bad news is that if you give your passcode you can lose everything

- The good news is that the only way to crack your device is to guess in ten
attempts what is the passcode from 1000000 possibilities by default (maybe
less cause you can’t decently use some combination like 123456)

~~~
moduspol
You can also use a full-blown keyboard password. That's what I do, since it's
so rare that I actually have to type it in.

------
zaroth
I’ve been bit by setting a secure iTunes backup password, and then forgetting
it, and having to go through an iCloud backup followed by device wipe and
restore just to get the old forgotten iTunes Backup Password off of the
device. It was painful.

But in the end I was able to remove the password and keep the keychain data
all in place and instill a new iTunes Backup Password which I knew.

So what’s actually changed other than not having to go through the whole
iCloud Backup/Wipe/Restore in order to reset the iTunes Backup Password?

Maybe I am misremembering and it didn’t actually restore my keychain back onto
the same device when I did the restore?

~~~
fpgaminer
> So what’s actually changed other than not having to go through the whole
> iCloud Backup/Wipe/Restore in order to reset the iTunes Backup Password?

Prior to iOS 11, to get access to a backup of an iDevice (and that backup
allows you to view all data on the device, keychain etc):

    1) iCloud Backup
    2) Wipe
    3) Restore [requires iCloud password]
    4) Perform iTunes Backup

Now under iOS 11 it's (according to the article):

    1) Reset Settings [requires pin code]
    2) Perform iTunes Backup

So the difference is that now you don't need the iCloud password.

~~~
abalone
If an attacker has access to the device and passcode, they already can view
all the data on it including the keychain. Right? So the concern here is just
that Apple has made it easier for attackers with access to a device and
passcode to exfiltrate in bulk instead of piece by piece via the UI.

In exchange for letting people reset their encrypted backup password without
losing data.

How is that a "horror story"?

~~~
fpgaminer
No I don't believe you can view the keychain on an iPhone. Hence why the
backup is necessary.

~~~
abalone
Oh you sure can.

Settings > Accounts & Passwords > App & Website Passwords

Settings > Safari > Autofill > Saved Credit Cards

~~~
fpgaminer
I stand corrected.

To nitpick, there is more data in the keychain than passwords and credit
cards. But I think having all your passwords and credit cards exposed is
probably bad enough.

------
StevenRayOrr
Here's the Archive.org link for anyone else having trouble getting to the
site:
[https://web.archive.org/web/20171130210154/https://blog.elco...](https://web.archive.org/web/20171130210154/https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/)

------
sschueller
Who will complain louder?

The security experts or the people who lost everything because they lost their
passcodes?

~~~
dovdovdov
You mean the people who haven't synced to iCloud or a computer?

If you carry your fortune in your wallet is it okay to blame the wallet
manufacturer for your financial crisis when you misplace it?

You are right though, those people are the loudest to complain. :)

------
0culus
If you look in the password and security menu in iCloud settings, there's an
option to set a recovery key: "Using a recovery key increases the security of
your account. When you create one, the only way to _reset your password_
[emphasis mine] is by using _another device_ [edit: emphasis mine] already
signed in with your Apple ID or by entering your recovery key."

I can find no mention of this feature in the article. It would seem that it
would mitigate the core problem described by preventing someone in possession
of your phone and passcode (but not the recovery key) from taking over your
iCloud account.

~~~
graeme
This is on ios 11? I just looked, and didn't see it.

Settings --> user thing at top --> password and security

Perhaps I'm in the wrong place.

~~~
0culus
I am on iOS 11. Here is an Apple knowledge base article about it:
[https://support.apple.com/en-us/HT208072](https://support.apple.com/en-us/HT208072)

~~~
graeme
Thanks. Curious, I don't see it. I just have change password, two factor,
phone number, get verification code

~~~
0culus
Also see the reply I just made to my comment. It's no bueno.

~~~
graeme
Yikes. This seems a serious weakness. I get why they would make it easier to
do backups, but not why they would make it so easy to get icloud.

I guess the only consolation is that eventually the phone will logout, so the
attack would have to be done soon after getting the phone?

Update: It's much worse than that. I just got a login notification on my iPad
for my Apple ID. So I'm not signed in. But, I went to reset the password, and
it said I can do it with a passcode since I'm signed in to iCloud.

So iCloud sign-in lasts far longer than Apple ID sign-in for the App Store.

This seems like a _serious_ vulnerability. Makes me rethink having multiple
idevices, or putting _anything_ in icloud keychain. Any one of them gives
access to everything.

I am not a security expert though, so take this with a grain of salt.

------
andr
As a crude, but workable safety precaution, the Apple Configurator[1] can
prevent your phone from pairing with other devices, so even if someone resets
the backup password, they would still not be able to recover its content. Keep
in mind that once enabled, the only way to disable it is to wipe your phone.

[1] [https://itunes.apple.com/us/app/apple-configurator-2/id10371...](https://itunes.apple.com/us/app/apple-configurator-2/id1037126344?mt=12)

------
jlgaddis
Somewhat related: There's currently an article on the front page of an
Indianapolis TV station's web site entitled "Technology advancements lead to
crack in IMPD officer evidence tampering investigation" [0].

It doesn't mention what type of phone they're talking about in this case (or
go into much technical detail at all, of course) but I'm very curious just
what "advancements" enable law enforcement to bypass the encryption that is,
by now, enabled by default on most phones, AFAIK.

I'd be even more interested if this was an iPhone, as that's what I have. This
wouldn't have been iOS 11, however, as the original event (the setting of a
passcode) occurred on 2015-11-02.

Regardless, these "advancements" discussed in this article sound more like
"regressions" to me.

[0]: [http://fox59.com/2017/11/30/technology-advancements-lead-to-...](http://fox59.com/2017/11/30/technology-advancements-lead-to-crack-in-impd-officer-evidence-tampering-investigation/)

------
nemothekid
While this is obviously less secure than iOS 10 - I can't help but think this
is a minor issue. If you treated your iPhone as a standalone device (something
that has been supported since iOS 5, I haven't touched iTunes in years), you
are vulnerable to this exploit. In other words, if you never set your iTunes
backup password, you were always vulnerable to everything in the article. I
didn't even know about the iTunes backup password feature and I've always
assumed passcode lost = full compromise.

I will admit though the data available to access in a backup is far deeper
than I had expected, and definitely far deeper than you can get through iOS
alone. I'm not a security nut, but I'm surprised I didn't know about this
option (again, probably because I don't use iTunes).

~~~
function_seven
You're referencing the first section of this post.

The other security relaxation allows you to change your Apple ID's password
without knowing what the old one was. To me, that's a much larger problem.

~~~
eridius
"Forgot Password" flow, by definition, lets you reset the password without
knowing the old password. That's how it works in every "Forgot Password" flow
ever invented.

So my question is (having never gone through that flow with Apple ID), what
was the "Forgot Password" flow in iOS 10? If the answer is it sends you an
email, how does that work for people that use icloud.com mail (because, if
they don't know their password, they can't get their mail)?

~~~
throwanem
> what was the "Forgot Password" flow in iOS 10?

The same, apparently; I just tried it on this phone, which I haven't updated,
and it didn't ask for anything but the passcode.

~~~
graeme
You reset your icloud password, or your phone password? The part that seems
new is that you can reset your _icloud_ password with phone access.

~~~
throwanem
I didn't reset either, but it gave me the same prompt described in the article
as an iOS-11-exclusive flow.

Perhaps the behavior of a completed reset differs; I'm not about to mess with
it just for kicks. But the fact that everything up to that point is identical
makes me doubt that somewhat.

~~~
graeme
But which one did you try to reset: icloud password, or phone passcode?

~~~
throwanem
iCloud.

------
wonderous
Interested in knowing idlewords' response to this since their “Security
Guidelines for Congressional Campaigns” recommendation is to use the most
recent iPhone with the most recent updates:

[https://news.ycombinator.com/item?id=15777387](https://news.ycombinator.com/item?id=15777387)

------
graeme
Is this accurate?

Anyone who has your passcode and access to your device can take over your
iCloud account by resetting the account, lock your other devices, and access
any passwords you have stored in iCloud keychain.

If so, this seems like a _massive_ security liability, and grounds for deleting
all iCloud keychain passwords.

------
ak39
This story needs just as much attention as the recent root blank password
macOS disaster.

~~~
dep_b
No it doesn't. Protected with a six-digit passcode, it is still quite secure.

~~~
cdolan
Do you know how many people use 4 digit passcodes, or no passcodes at all?

Do you know how many people share that passcode with others, intentionally or
unintentionally? Family members, spouses, etc. repair people who do screen
replacements. Their buddy, who can text for them while they drive.

I’m sitting on a plane and saw the person next to me enter her passcode. It’s
258085.

That is not a secure 6 digit passcode, it’s a vertical Tetris shape. Humans
are great at pattern recognition, particularly when it’s in a grid format and
leaves finger smudges.

I could easily pick pocket this woman’s phone and ruin her weekend without
much effort at all, just from reading this article.

But you say her 6 digit passcode is quite secure?
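The comment above turns on what makes a six-digit passcode weak: 258085 is a shape traced down one column of the keypad rather than a number anyone has to remember. As an added example (not from this thread, and not Apple's code), here is how a defender might screen candidate passcodes for exactly those patterns before accepting them. The coordinates assume the standard 3x4 numeric unlock keypad, the function names are my own, and the sample codes are constructed inputs (258085 is taken from the comment).

```python
"""Heuristic passcode weakness checks for a phone-style numeric keypad.

Added example, not from the original thread or from Apple. It flags the
kinds of passcodes the comment above describes: short codes, repeated or
sequential digits, and codes that trace a connected shape on the keypad,
such as 258085 (a single keypad column). The layout assumes the standard
3x4 iOS unlock keypad; all sample codes are constructed.
"""
from typing import Dict, List, Tuple

# Keypad coordinates as (row, col) on the standard 3x4 numeric keypad.
KEYPAD: Dict[str, Tuple[int, int]] = {
    "1": (0, 0), "2": (0, 1), "3": (0, 2),
    "4": (1, 0), "5": (1, 1), "6": (1, 2),
    "7": (2, 0), "8": (2, 1), "9": (2, 2),
    "0": (3, 1),
}

MIN_LENGTH = 6  # thread consensus: six digits is the floor, not four


def keys_adjacent(a: str, b: str) -> bool:
    """True if the two keys touch on the keypad (or are the same key)."""
    (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
    return max(abs(r1 - r2), abs(c1 - c2)) <= 1


def assess_passcode(code: str) -> List[str]:
    """Return a list of weakness labels; an empty list means no heuristic fired."""
    if not code.isdigit():
        raise ValueError("numeric passcodes only")
    findings: List[str] = []

    if len(code) < MIN_LENGTH:
        findings.append("too_short")
    if len(set(code)) == 1:
        findings.append("repeated_digit")

    # Ascending or descending runs such as 123456 / 654321.
    steps = {int(b) - int(a) for a, b in zip(code, code[1:])}
    if len(code) > 1 and steps in ({1}, {-1}):
        findings.append("sequential")

    # Every transition lands on a neighbouring key: the code is a shape you
    # can read off the glass (and the smudges), not a number to remember.
    if len(code) > 1 and all(keys_adjacent(a, b) for a, b in zip(code, code[1:])):
        findings.append("keypad_path")

    # All keys in one column (258085) or one row (123321).
    rows = {KEYPAD[d][0] for d in code}
    cols = {KEYPAD[d][1] for d in code}
    if len(code) > 2 and len(cols) == 1:
        findings.append("single_column")
    if len(code) > 2 and len(rows) == 1:
        findings.append("single_row")

    # Few distinct digits leave few smudges for an observer to sort out.
    if len(code) >= MIN_LENGTH and len(set(code)) <= 3:
        findings.append("few_distinct_digits")

    return findings


def is_weak(code: str) -> bool:
    """Convenience wrapper: True if any heuristic fired."""
    return bool(assess_passcode(code))


if __name__ == "__main__":
    for sample in ("258085", "123456", "1111", "739162"):  # constructed samples
        print(sample, assess_passcode(sample) or "no heuristic fired")
```

The heuristics are deliberately conservative: 258085 is caught by both the adjacency walk and the single-column check, 123456 only by the sequential check, and a code like 739162 passes all of them, which is the point of using several independent tests rather than one.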

~~~
dep_b
I think deep inside you do understand the difference between immediate root
access to a system without knowing anything at all and spying on somebody to
learn their passcode. And even if I do agree it's definitely a change for the
worse, it doesn't deserve the same hysterical response the root no password
required bug deservedly got.

~~~
cdolan
The root password hack also required physical access, or some sort of
proximity access on a network LAN, to be able to work. It’s really not that
much different than snooping on someone sitting a few seats away from you at
the bar.

------
Domenic_S
> _While there, look for their Google Account password. If it is there in the
> keychain (and I don’t see why not), you’ll gain access to a whole lot of
> highly interesting information_

This is exactly why my google account password is the only one I do _not_ keep
saved anywhere. Not in keychain, not in 1password. It's a strong password,
plus 2FA (not that 2FA matters if someone has my phone).

------
randyrand
I've never understood why health data is assumed to be something people want
hidden and kept private.

If something happened to me, I'd like a stranger to be able to access it. It's
not particularly embarrassing information for people to see - for some people,
yes. But there should be a way to make your health data unencrypted for those
that prefer it very accessible.

~~~
r00fus
Your opinion amounts to "if you're doing nothing wrong, what is there to
hide?".

Privacy by default should be the norm, not the other way around - lots to be
inferred/exposed from even the smallest bit of info.

~~~
randyrand
I made no mention of defaults. "there should be a way to make your health data
unencrypted for those that prefer it very accessible."

I don't see the relationship to mass spying.

------
jacquesm
If you want security: don't put your life into a device that you carry with
you. Better still: don't put it in _any_ device.

~~~
cdolan
This argument pops up all the time, and has for years.

I recall seeing it when Eric Schmidt at Google said something like “don’t have
anything worth hiding, and then you won’t care if you are hacked”. Excuse my
brevity, but your argument and his are dumb arguments. These devices are
incredibly powerful, and allow us to interact with one another in ways pen,
paper, snail mail, and landlines never could (let alone the security risks
those mediums have, which cannot be mitigated).

Devices _can_ be incredibly secure. Manufacturers and service providers should
prioritize that over mindless convenience.

I would agree with you, however, that you should not put your entire life into
_any insecure_ device. And it seems the iPhone is not an _insecure_ device
(I’m frustrated, and I have a 20+ character keyboard passphrase! Let alone 4-6
digit code)

~~~
jacquesm
The problem - in my opinion, probably going against wiser and smarter people -
is that today's secure stuff is tomorrow's insecure stuff. So if you don't
want to be locked into an eternal cycle of upgrades or worry about what level
of security you should assign to the stuff you use everyday you are far better
off by simply not taking the risk.

I understand that for many people this is problematic because they need these
goodies for their day-to-day functioning. But so far I've managed to do
without them and I don't feel particularly handicapped.

------
thestephen
And on the flip side, every time I add a new device to my Apple ID, iCloud
flips out totally, detects "suspicious" activity, and locks my account (and
requires me to both verify it with one or more devices and change my
password).

So: Inconvenience where there should be convenience, convenience where there
should be inconvenience.

------
pm24601
What does this say?

_Do not interconnect services_

Specifically, I:

1. Don't use iCloud backup.

2. Back up to my own computer.

3. Have a backup program to a different provider than Apple.

4. Do not interconnect accounts with iPhone/Mac.

Only annoying thing is the iPhone telling me that iCloud backup is full
because I haven't upgraded.

------
ibigb
Everybody seems to forget you need 2FA, iOS 11, and the 4/6-digit PIN or alpha
password in order to access the iCloud password reset. Don't use 2FA with the
iPhone.

~~~
graeme
Apple forces 2FA enrollment now. And someone who steals the phone and asks for
the pin now has access to icloud reset.

~~~
ibigb
Is that a fact? Many may disagree.

[https://ios.gadgethacks.com/how-to/enable-disable-two-factor...](https://ios.gadgethacks.com/how-to/enable-disable-two-factor-authentication-your-iphone-ios-11-0180350/)

~~~
graeme
Yeah, looks like I was wrong: [http://mashable.com/2017/06/06/apple-high-sierra-ios11-2fa-s...](http://mashable.com/2017/06/06/apple-high-sierra-ios11-2fa-security/#4xGMrt_hIqq8)

------
Twisell
TL;DR: If it’s truly 2-factor security, why the hell can you reset the
iCloud password with a single factor since iOS 11?!

------
late2part
You should be angry after you read this. The trust model is weakened and
changed to our detriment.

------
dimpadumpa
From a developer's point of view, Apple has a very low-quality lifecycle and
distribution process.

------
teilo
Suddenly my 12-digit passcode doesn't seem so paranoid.

------
jacksmith21006
What is up with Apple lately? Could not believe they were not able to get the
Homepod out for the holiday. The Mac root security issue getting the door is
insane.

~~~
dannyw
Homepod, plus all the missing iOS 11 features: iMessages in the cloud, Apple
Pay Cash (just launched)...

------
Top19
Great title, can’t get article to load.

~~~
The_Hoff
I'm interested to know if you still think the title is great after you get the
article to load. Of course it caught my attention, but after reading it I was
left with a, "wait this is a horror story?" feeling. I suppose to many this
seems like a huge vulnerability, but if we treat everything with these extreme
sentiments, then nothing will _actually_ be treated with special attention.
Conversely, if no articles are given these sorts of titles, maybe no one will
click them.

------
JustSomeNobody
This sounds tailor made for Law Enforcement.

------
saladeen
Between this and the Mac root login, looks like Apple has got 'an offer they
can't refuse' from Uncle Sam, and are establishing plausible deniability by
intentionally introducing security failures.

~~~
cdolan
But they patched the Mac root login within 48 hours of it becoming “a story”?
I don’t buy the conspiracy.

More likely, Apple wants to ease user adoption.

Did you buy an iPhone X? It was awesome to setup. There was this nifty feature
to use NFC/the cameras on my new phone to authenticate myself, and it was a
breeze. Huge fan of this type of improvement and convenience.

You know what I’m not a fan of? My iPhone being a gateway to hijack the rest
of my digital life. It’s a key to my little kingdom that didn’t exist before,
and my only protection is (figuratively speaking) locking my phone to me like
the Nuclear Football, and continuing to use a 20+ character passphrase with
enough entropy I can’t be brute forced.

~~~
saladeen
I meant that they are 'introducing' security fails so that once there'll be
indications they're giving data to Uncle Sam they can claim they were hax'd.

But I'm not really serious with this 'conspiracy theory', it's just some food
for thought/shitpostin'.

