brandur.org

Insecurity by instinct

After two years of good luck, I dropped my iPhone 6 on the sidewalk and the screen artfully shattered into a complex web of a million pieces. Naturally, two days before my trip home for the holiday break. In a rush to get it back to normal for coming the multi-week trip, I went to a local repair shop in SF operating out of a small office in SOMA overlooking the freeway who could repair the screen same day.

While filling out a form containing my contact information, I came across a field called “phone passcode” and marked as mandatory. When I informed the staff that I wouldn’t be putting down a passcode, they were floored; obviously the first time such an appalling event had occurred in the shop’s history. The fact that a client might refuse to surrender the code protecting their e-mail (personal and probably corporate), two-factor codes, chat history, files in Dropbox, notes, photos, and an untold amount of active sessions in their mobile browser 1 was so incredulous that it left them momentarily speechless.

You can drop a few million on the latest iOS zero-day, but by far the easiest way to compromise a user’s security is to just to ask them to do it (nicely of course).

(To their credit, they still fixed the phone, and did a reasonable job of accommodating a paranoid nutcase like myself who’d obviously just removed their tinfoil because it wouldn’t fit through the door of the building.)

1 Note even to mention access to the SIM card that they probably left in their phone and which may be set as a recovery number on a number of their critical accounts.

Did I make a mistake? Please consider sending a pull request.