Apple is making it significantly harder for hackers to break into iPhones, ZDNet reports — by introducing six-digit passcodes.
And in doing so, the Cupertino company could frustrate law enforcement.
Since the roll-out of iOS 8 in 2014, iPhones are encrypted by default. This means if someone gets unauthorised access to your device, they can’t simply plug it into a computer and download all the data — it’s scrambled in such a way as to be meaningless without the correct passcode.
But iPhone passcodes have historically been 4 digits long. Using only standard base-10 numbers (i.e. 1 to 10), it means there are only 10,000 possible combinations for each device. For comparison, a 4-letter password using the full 26-letter (lower-case only) alphabet has 456,976 combinations; if the password is 8 letters, there are a massive 208,827,064,576 combinations.
In short, 4-letter numeric passcodes aren’t very secure, and are liable to be “brute forced” — where an attacker manually cycles through every single possible combination to find the correct passcode. There have been attempts to stop brute force attacks by freezing phones after a certain number of attempts, but devices exist that can get around this. For example, the IP-BOX can be bought for just £120, and can crack almost any iPhone in hours.
Apple’s change from 4 digits to 6 increases the number of possible combinations from 10,000 to 1 million — drastically increasing the time it will take (on average) to break in.
Here’s what Apple’s website says about the change:
The passcodes you use on your Touch ID — enabled iPhone and iPad will now have six digits instead of four. If you use Touch ID, it’s a change you’ll hardly notice. But with one million possible combinations — instead of 10,000 — your passcode will be a lot tougher to crack.
But the move may also have the unintended consequence of infuriating law enforcement. There has been frustration from authorities over Apple’s decision to turn on encryption by default because it leaves them unable to access the data on the devices, even with a warrant. However, Apple and other security experts counter that the tech is essential to keep its customers secure.
In certain circumstances, law enforcement may try and brute force an iPhone in order to gain access to potential evidence within — and thanks to Apple’s change, that just got significantly harder.