Hacker News

Quick question: if a user is under camera-based surveillance and they type in their PIN, does that allow someone holding their data to decrypt it?

Because apparently China is putting cameras everywhere, and it stands to reason they could have a module that monitors for PIN entry and records it. Even at my workplace in the US I try to avoid entering my PIN near security cameras.




The answer to this used to be no, but iOS 11 made a number of changes that I don't fully understand yet; I think the answer is still no unless you have the device, then you may be able to get an iCloud reset token... but don't take my word for it. (At that point they already have your device though, eh?)

As a side note, I think people vastly underestimate how easy it is to capture you typing your password on a phone screen... especially when you put it in the context of complaining about minor security implications of TouchID or FaceID. I would suggest it's typically much easier to watch you typing a password than to clone your TouchID.


In the US, though, TouchID and FaceID are liabilities because the police can compel you to provide your fingerprint and face.


There are some protections against exactly this.

If it's been more than 48hrs since you last unlocked the phone or you turned off the phone, it will require your password again.


You can also discreetly disable Face ID by holding down power and a volume button.


I am curious if Android has the ability to quickly disable fingerprint unlock if you are in an adversarial situation. So it only asks for the passcode.


If you reboot the phone then it’ll only accept the PIN to unlock, at least on newer versions.


Or just use the wrong finger a couple of times.


Snowden hides under towel to type passwords :)) https://youtu.be/4EgTXEn15ls?t=37m31s


I could not help but notice the dissonance between Laura Poitras arriving at 'Newark Liberty International Airport' and how she was treated there. For small values of Liberty I guess.

It's simply harassment, the kind that I would have expected in former Eastern Germany, Poland, Russia or any other state like that.


Furthermore, clicking the above link actually displays a message saying the video is not available for viewing in the US...


That's odd, it works for me.


Sorry. I edited to add that it's based on country - information control (and its associated ambiguity) being another quality of totalitarianism.


It clearly says it's blocked by the Weinstein Company, who owns the US rights.


There's always a justification.


Does a towel stop the wifi-based attacks?


According to this (1), since the iOS 11 update the PIN code is now a single point of failure: if you know the PIN and have access to the device (or probably an Apple-made data dump on Chinese servers) you can have everything.

(1) https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-r...


Was curious about this as well. It would be a huge oversight if the encrypted blobs could be decrypted with a 4-6 digit PIN. Couldn't it be brute forced?

My amateur understanding is the PIN unlocks a hardware "safe" on the device which contains the actual decryption key, requiring physical access to the device even if the PIN was caught on security cam.



