
It's not a backdoor to the phone only being unlocked by the passphrase, but a backdoor to the number of attempts limitation.


This limitation must be built into security hardware used by the iPhone so software couldn't do anything about it. I was under the impression that that's how the iOS security model works. If it's not, and in fact this check is implemented in iOS itself, it's much weaker protection and it really looks like an intended backdoor from Apple.


It sounds like it is built into hardware with newer iPhones containing the secure enclave, but not for an older phone like the iPhone 5C.


It's not really built into ‘hardware’, it's enforced by the Secure Enclave, which is software-based and accepts software updates signed by Apple. It's secure against kernel exploits and third parties, but not against Apple.


I'm really interested to know more about this. Does the Touch ID Secure Enclave really enforce the password attempt limits?



It's really a pretty impressive design. Android phones are lacking here.



