On Thu, Apr 29, 2021, at 6:07 PM, jimthing wrote: “The point is they CANNOT unlock it, period.”
If the thefts are organized enough, there’s a good chance that the fence will have access to known jailbreaks, or police-level gear such as Graykey that bypass the “ten wrong guesses cause the phone to erase” (assuming that’s even enabled). If it’s a 6-digit PIN, it would only take them a few days or less to unlock it. A ten-digit password (letters and numbers) would take about 25 years (currently–probably not that long three years from now).
The original Graykey won’t work against newer phones, but GrayShift is still in business selling to police and people who manage to appear to be police, and all OSes will always have security bugs, and shops such as Graykey and Cellebrite pay big money for zero-day bugs. (Though Cellebrite didn’t bother to invest in their own security, much to everyone’s current amusement.)
Even without unlocking skills or gear, if the thieves manage to scam the owner or the owner’s family or friends, they could get enough personal data to take good guesses and maybe succeed within the ten-try limit. People do not choose good passcodes/passwords; they choose memorable ones–birthdates, phone numbers, pet names. Then they talk about all of that stuff on Twitter, Facebook, and everywhere else.
Always use the best security you can manage–and assume that it will fail so have a backup plan. Getting new credit cards and changing all passwords (especially the Apple ID password) is a lot less trouble than the potential alternatives.