Hardening modern iPhone against forensic tools

Maybe.

Good morning people. I have a new important recommendation.

  1. Upgrade to 18.4; it includes many anti-forensics.

  2. If utilizing Apple Configurator or iMazing to enforce profiles, you have the ability to lower the max password attempts. Here’s what Apple states about this.

| Attempts | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 or more |
|---|---|---|---|---|---|---|---|---|
| iOS and iPadOS Lock Screen | None | 1 minute | 5 minutes | 15 minutes | 1 hour | 3 hours | 8 hours | Device is disabled and must connect to a Mac or PC |

“If the Erase Data option is turned on for iPhone, iPad, or Apple Vision Pro (in Settings > [Optic ID], [Face ID], or [Touch ID] & Passcode), after 10 consecutive incorrect attempts to enter the passcode, all content and settings are removed from storage. Consecutive attempts of the same incorrect passcode don’t count toward the limit.”

You cannot edit the number of consecutive attempts unless you use a profile. The trick is if we configure this option to “3” your phone will instantly factory reset without any of the delays mentioned in the Apple chart as soon as you try the 4th time. This might be inconvenient if you don’t use iCloud + ADP.

This payload allows you to wipe your phone faster than a GrapheneOS duress password can be typed. Without a profile, if you have Find My enabled you require internet and typing a password to achieve a factory reset. This completely overrides that :smiling_face_with_sunglasses:

As Apple keeps patching more loopholes, it is important to keep strengthening iOS as much as we can. Please read all recommendations and lmk if you need assistance.

1 Like
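
The attempt limit discussed in the post above corresponds to the `maxFailedAttempts` key of Apple's Passcode payload (`com.apple.mobiledevice.passwordpolicy`). As an added example that is not part of the thread, this Python script builds an unsigned profile carrying that key and audits an existing unsigned profile before it is installed; the identifier `com.example.hardening`, the display names and the function names are placeholders.

```python
import plistlib
import uuid

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"  # Apple's Passcode payload

def _payload(ptype, identifier, name, **settings):
    """Common keys every payload dictionary carries, plus its own settings."""
    return {"PayloadType": ptype, "PayloadVersion": 1,
            "PayloadIdentifier": identifier, "PayloadDisplayName": name,
            "PayloadUUID": str(uuid.uuid4()).upper(), **settings}

def build_passcode_profile(max_failed_attempts, org_id="com.example.hardening"):
    """Return an unsigned .mobileconfig (XML plist bytes) with one Passcode payload."""
    # Apple documents maxFailedAttempts as an integer from 2 to 11.
    if type(max_failed_attempts) is not int or not 2 <= max_failed_attempts <= 11:
        raise ValueError("maxFailedAttempts must be an integer from 2 to 11")
    passcode = _payload(PASSCODE_TYPE, org_id + ".passcode", "Passcode",
                        forcePIN=True, maxFailedAttempts=max_failed_attempts)
    profile = _payload("Configuration", org_id, "Lock screen hardening (example)",
                       PayloadContent=[passcode])
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def audit_profile(data):
    """Return (limit, findings) for the Passcode payload of an unsigned profile."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return None, ["no Passcode payload: this profile sets no attempt limit"]
    limit = payloads[0].get("maxFailedAttempts")
    findings = []
    if limit is None:
        findings.append("Passcode payload present but maxFailedAttempts is not set")
    if not payloads[0].get("forcePIN", False):
        findings.append("forcePIN is off: the profile does not require a passcode")
    return limit, findings

if __name__ == "__main__":
    data = build_passcode_profile(3)  # the value suggested in the post
    with open("passcode-limit.mobileconfig", "wb") as fh:
        fh.write(data)
    print(audit_profile(data))
```
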

But what if a friend or a kid, be it your relative or whatever, jokingly attempts multiple passwords at a go? Wouldn’t that risk losing all of your data? I think GrapheneOS’s approach is more sane.

1 Like

If you are going through all this trouble and aren’t maintaining positive control over your mobile device at all times possible then it’s pointless. I’d rather keep having to restore from a backup than have some random people freely rummage through my personal device.

Thank you for this guide. I have appreciated it and implemented some steps. I had some follow up questions if I may:

  1. For your shortcut, can you clarify its use case and why it would be preferable to vol+power? Here is an instance where it failed to run, and I’m questioning if vol+power is the better move.

  2. It’s my understanding enabling dev beta will disable contact key verification. If that is true, would it be better to stay on latest stable?

update to latest iOS dev beta

  3. Should I use Apple Configurator on macOS or iMazing? I have not implemented MDM before, but am curious about some of these additional features and settings.

  4. What are your thoughts on physically disabling the USB port and charging via wireless only? Or, is it possible to software disable the USB port for data?

  1. I’m not sure how you came upon that error but you’re supposed to add the shortcut as a widget or icon on the home screen. When you click it you can swipe to shut the phone down.

  2. If you value that feature then yes. Dev betas give you non-announced security updates quicker though, such as the auto-reboot that Apple still hasn’t acknowledged publicly.

  3. They accomplish the same thing. If you have a MacBook use Apple Configurator.

  4. If you mean physically tampering with the phone I’m pretty sure they can just fix whatever you did and gain access again. iPhone is already supposed to disable the port for data when USB Restricted Mode is on, but clearly it wasn’t working until the recent security update in iOS 18.3.1. Why? I have no idea. I believe someone did a write-up on it.

Do iPhones disable the USB port on a hardware level like GrapheneOS? I had the impression they don’t from https://xcancel.com/GrapheneOS/status/1855582940568158329#m

Thank you! How can I enable USB Restricted Mode? I skimmed the thread but I must be missing it. Is it only time based? If only time based - this is why I could see benefit in disabling the USB port. Repairs take time.


Got it. That shortcut makes more sense to me now for post-lockscreen activities. My screen was locked and the shortcut initiated on the lockscreen to produce that error.

I would like to suggest the following workflow that would complement this shortcut for an iPhone in a locked state. Open to any feedback.

  1. Create a shortcut leveraging the native power-off function. (This is native to the shortcut app)
  2. Add this new shortcut as a button on the lockscreen, or to your action button if available. (I replaced my camera launcher since I can always swipe right for camera)

Under duress steps would be:

  1. Initiate vol+power, disabling face-id. - Avoiding need to unlock to shutdown.
  2. Initiate the previously mentioned shortcut
  3. Select shutdown (no need to slide)

In this method, you do not need to unlock your device to quickly power down.

Great advice.

Steps for lockscreen power-button.

  1. Make new shortcut with shut down function
  2. Drag it to be the first shortcut on the “All shortcuts” tab
  3. Long press lockscreen and click Customize
  4. Click Lock screen
  5. Click Add Widgets
  6. Click the Shortcuts option
  7. Click Done

Note: This is only meant to turn off a phone from the lockscreen when Face ID is enabled. After you run this once, Face ID will be disabled until password is typed.

Action button can be programmed too but is only available on iPhone 15 Pro and up.

1 Like

Settings > Face ID & Passcode

Lockdown mode will activate it quicker than one hour. I’ve timed it at 10 seconds after phone is locked. When there’s no fancy zero days circulating these little settings are powerful on iOS.

1 Like

Slight correction. In my testing, running the native shutdown function will not disable face-id unless you shutdown or reboot. Running the native shutdown shortcut without sliding to power down will result in face-id enabled. The native shutdown function does benefit from being able to run when face-id is already disabled through vol+power.

I’ve now made this modification which I’m having success with. However, it does not run in BFU. I have not found a method, native or otherwise, that runs BFU.

OS level.

On this same topic - Do you have an opinion on whether the inclusion of a SIM card tray in devices is less secure compared to US models that utilize eSIM technology exclusively? I’m curious about whether there is a potential attack where an attacker inserts a malicious SIM card into a locked device, leading it to connect to an insecure network.