Threat Category: Mobile OS & Vendor Infrastructure
ID: ECO-9
Threat Description: A brute-force attack parallelized across many computers could theoretically be attempted on the authentication data and cryptographic keys (passwords, etc.) stored in the cloud.
Threat Origin
iOS Security: iOS 9.3 or later [1]
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Enterprise
To reduce the probability an attacker will successfully launch a brute-force attack against cloud-based cryptographic keys, periodically change authentication credentials, digital certificates, or any cryptographic secret used to derive keys that protect access to the account or data associated with it.
As the strength of cryptographic mechanisms generally increases relative to that of any passwords or cryptographic secrets used, prefer or enforce the use of stronger passwords (increasing length, complexity, and randomness).
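Added example (not part of the original catalogue entry): a small policy calculator that relates the two countermeasures above by estimating the chance that a parallelized exhaustive search finds a secret before it is next changed. The guess rate, machine count and risk threshold are constructed values, and the model assumes uniformly random secrets and an attacker who never repeats a guess.

```python
import math

SECONDS_PER_DAY = 86_400


def compromise_probability(keyspace, guesses_per_sec, machines, window_days):
    """Chance that an exhaustive search spread over `machines` hosts finds a
    uniformly random secret within one rotation window of `window_days`."""
    guesses = guesses_per_sec * machines * window_days * SECONDS_PER_DAY
    return min(1.0, guesses / keyspace)


def min_length(alphabet_size, guesses_per_sec, machines, window_days,
               max_probability, limit=128):
    """Shortest random password over `alphabet_size` symbols that keeps the
    per-window compromise probability at or below `max_probability`."""
    for length in range(1, limit + 1):
        keyspace = alphabet_size ** length  # exact integer, no float rounding
        if compromise_probability(keyspace, guesses_per_sec, machines,
                                  window_days) <= max_probability:
            return length
    raise ValueError("no length up to the limit meets the target")


if __name__ == "__main__":
    # Constructed attacker model: 1,000 machines at 10,000 guesses/s each.
    RATE, MACHINES, TARGET = 10_000, 1_000, 1e-6
    policies = {"6 digits": (10, 6), "8 alphanumeric": (62, 8),
                "12 alphanumeric": (62, 12)}
    for name, (alphabet, length) in policies.items():
        keyspace = alphabet ** length
        p = compromise_probability(keyspace, RATE, MACHINES, 90)
        print(f"{name:16s} {math.log2(keyspace):5.1f} bits  "
              f"P(found within 90 days) = {p:.3g}")
    # Rotation shrinks the attacker's window linearly; each extra character
    # multiplies the search space by the alphabet size.
    for days in (90, 30):
        n = min_length(62, RATE, MACHINES, days, TARGET)
        print(f"rotate every {days:2d} days -> minimum length {n}")
```

Under these assumptions, rotating three times as often lowers the required length by only one character, which is why password strength carries most of the weight.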
References
[1] iOS Security: iOS 9.3 or later, white paper, Apple, 2016. www.apple.com/business/docs/iOS_Security_Guide.pdf [accessed 8/24/16].