Okay, a bit of an over-dramatic title, but close to it. According to ElcomSoft, iOS security overhaul in iOS 11 all but killed off the entire point of 2FA and made your device password a single point of failure, a clear vector of attack, not only to our Apple ecosystem, but to everything else that is connected to it.
Since this isn't getting that much attention on the front page, I wanted to toss it out here and see what everyone thinks.
https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/
My thoughts on this from the comment's to Rene's article...
Just read the whole ElcomSoft article. I was not even aware that such radical changes were made to the security layer in iOS 11. I do not believe that these were invited by user need so much as an answer to mounting pressure by law enforcement to provide a single point of access that would avoid the headaches they experienced up to date. In other words, it is the equivalent of providing a back door that isn’t obviously open but still relatively easy to crack.
For my part, after reading the blog, I am thoroughly unimpressed by the changes. Part of the reason why I choose iOS over Android is because of its security. So much of our life is on our smart devices these days and this means that losing such a device or having it in the hands of somebody malicious can be devastating. iOS has the protections in place that at least offered one the ability to recover from such a loss in a reasonable way. The new changes make it very likely for the malicious party to be able to gain full access not only to your device but to *everything* Apple that you own. Depending on how extensive is your use of Apple and it’s comvemiece features, the *everything* might also involve all other services not related to Apple, like your Google account, Facebook, Instagram, cloud storage, work accounts, everything - literally. Not only gain access, but control too. This is a horribly scary prospect.
I feel like [the iMore] piece downplays the magnitude of these changes.
For me, it appears that I will now have to start adopting some of the same strategies I use on Android to protect my data against potential intrusion. No more iCloud Keychain for one.
Funny that this seemingly convenient change would cause me more inconvenience.
If you want to comment to the iMore article you can find it here https://www.imore.com/ios-11-real-story-rise-and-fall-ios-security-vs-accessibility
Since this isn't getting that much attention on the front page, I wanted to toss it out here and see what everyone thinks.
https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/
My thoughts on this from the comment's to Rene's article...
Just read the whole ElcomSoft article. I was not even aware that such radical changes were made to the security layer in iOS 11. I do not believe that these were invited by user need so much as an answer to mounting pressure by law enforcement to provide a single point of access that would avoid the headaches they experienced up to date. In other words, it is the equivalent of providing a back door that isn’t obviously open but still relatively easy to crack.
For my part, after reading the blog, I am thoroughly unimpressed by the changes. Part of the reason why I choose iOS over Android is because of its security. So much of our life is on our smart devices these days and this means that losing such a device or having it in the hands of somebody malicious can be devastating. iOS has the protections in place that at least offered one the ability to recover from such a loss in a reasonable way. The new changes make it very likely for the malicious party to be able to gain full access not only to your device but to *everything* Apple that you own. Depending on how extensive is your use of Apple and it’s comvemiece features, the *everything* might also involve all other services not related to Apple, like your Google account, Facebook, Instagram, cloud storage, work accounts, everything - literally. Not only gain access, but control too. This is a horribly scary prospect.
I feel like [the iMore] piece downplays the magnitude of these changes.
For me, it appears that I will now have to start adopting some of the same strategies I use on Android to protect my data against potential intrusion. No more iCloud Keychain for one.
Funny that this seemingly convenient change would cause me more inconvenience.
If you want to comment to the iMore article you can find it here https://www.imore.com/ios-11-real-story-rise-and-fall-ios-security-vs-accessibility
Last edited: