Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This limitation must be built into security hardware used by iPhone so software couldn't do anything about it. I was under impression that it's how iOS security model works. If it's not and in fact this check implemented in iOS itself, it's much weaker protection and it's really looks like an intended backdoor from Apple.


It sounds like it is built into hardware with newer iPhones containing the secure enclave, but not for an older phone like the iPhone 5C.


It's not really built into ‘hardware’, it's enforced by the Secure Enclave, which is software-based and accepts software updates signed by Apple. It's secure against kernel exploits and third-parties, but not against Apple.


I'm really interested to know more about this. Does TouchId secure enclave really enforce the password attempt limits?


Yes, see page 12 here https://www.apple.com/business/docs/iOS_Security_Guide.pdf


Its really a pretty impressive design. Android phones are lacking here.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: