1. 10

  2. 2

    This is crazy. I chalked the root-without-password problem up to Apple not caring much about MacOS anymore since they make so much more money from mobile devices. But this makes me think they just gave up.

    1. 2

      Once an intruder gains access to the user’s iPhone and knows (or recovers) the passcode, there is no single extra layer of protection left.

      Is this such a big deal? With physical access to the device, anything is one password away. What do you expect once an intruder gains access to your MacBook and knows (or recovers) the password? The whole point of two factor authentication is just, in addition to knowing the password, you need physical access to a trusted device.

      1. 7

        The issue is that before Apple would require you to enter other passwords to accomplish certain action.

        For example, before if you wanted to change your backup encryption password Apple would require you to type it in. Otherwise it would refuse to reset the password.

        Now you can remove the backup encryption password without entering the older password first. This allows the possessor to create a new backup password, back the phone up, grab the backup and with other tools dump all other passwords in the Keychain, like all their Safari-saved passwords for other websites.

        In this new world if the user happens to have setup two-factor auth, from the compromised device they can (quoting the article):

        • Change the user’s Apple ID password
        • Remove iCloud lock (then reset and re-activate the iPhone on another account)
        • Discover physical location of their other devices registered on the same Apple account
        • Remotely lock or erase those devices
        • Replace original user’s trusted phone number (from then on, you’ll be receiving that user’s 2FA codes to your own SIM card)
        • Access everything stored in the user’s iCloud account

        All this because you have the device in hand and either guessed or coerced their PIN from them. Whereas before Apple had layers to their security model. With an iOS 11 device you can totally own everything Apple they own and possibly a lot more.

        That’s why it’s a big deal.

        1. 3

          With physical access to the device, anything is one password away.

          I would not expect physical access to the device alone to yield administrator-level control of my iCloud account and the ability to wipe any of my other devices (to which the attacker did not have physical access). I think that’s a genuinely non-intuitive behavior.

      2. 1

        I’m not sure I’m horrified. Am I doing something wrong?

        1. 2

          Maybe that’s just the horror fatigue setting in?