Post ASd1cUlp2g6kHSbIum by motorola68k@electron.ninja
(DIR) Post #ASd1XQMnzFWVAwTtKK by SwiftOnSecurity@infosec.exchange
2023-02-13T04:46:03Z
0 likes, 2 repeats
tl;dr Robbers are asking for phone passcodes now, consider in your threat models
Street robber shoots victim after he fights back, and twice again while demanding his iPhone password. Same day same robber uses passcode gained from woman at gunpoint to access her iCloud, Venmo, and edit her Facebook. Another woman who was robbed gave him the wrong passcode but he didn't check first.
https://www.cbsnews.com/chicago/news/dakotah-earley-shooting-robbery-lincoln-park-tyshon-brownlee-charged-attempted-murder/
(DIR) Post #ASd1XRwI8nVG3I5kHI by SwiftOnSecurity@infosec.exchange
2023-02-13T05:49:37Z
0 likes, 0 repeats
Using the iPhone passcode to add a new biometric factor, in an attempt to get into locked apps, locks out the face login for my bank app. Apparently this did not use to be the case and may not apply to all apps.
Test any payment apps to see if they allow device password login without full biometric.
(DIR) Post #ASd1cTpgWpbTN9OsIS by lumey@fedi.lumey.dev
2023-02-13T06:20:06.119Z
0 likes, 0 repeats
@SwiftOnSecurity@infosec.exchange apple's guidelines directly say that the passcode is only a fallback and should never be implemented in a high security application actually
(DIR) Post #ASd1cUlp2g6kHSbIum by motorola68k@electron.ninja
2023-02-13T06:33:27Z
0 likes, 0 repeats
@lumey @SwiftOnSecurity What would be better is to support a duress code. Alarm systems have been doing this since forever.
(DIR) Post #ASdBNaYsEB6JRJ4hG4 by carlgleisner@infosec.exchange
2023-02-13T08:22:45Z
0 likes, 0 repeats
@motorola68k @lumey @SwiftOnSecurity Cool and all with a duress code and I would like to see it as an option for the user that wants to use it. But I'm thinking about the situation when criminals know of these duress codes (silent alarm) and get extra jittery by the not knowing.