This is a HUGE iOS security issue. Especially the last 2 years where you'd be asked for the PIN code when wearing a mask. You're not protected from this, even with 2-factor enabled.

https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a?st=i7u41zn623p8501&reflink=desktopwebshare_permalink

A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life

The passcode that unlocks your phone can give thieves access to your money and data; ‘it’s like a treasure box’

WSJ

@KrauseFx FaceID has worked with masks for over a year; it’s a hole but not a huge issue and only affects those that insist on using passcodes

@weiran Doesn't work well for me 🤷‍♂️ and "over a year" is still a year where this was actively exploited, including a friend of mine

@KrauseFx the conditions needed to exploit this mean you have to be targeted individually. It definitely sucks and Apple should put more protection around Apple ID password changes, but compared to something like the recent Safari 0-days it’s barely worth worrying about.