Researchers hack iOS passwords in under six minutes

E

Emil

Posts: 152   +0
Staff

German researchers at Fraunhofer SIT have managed to compromise and reveal passwords stored in a locked iPhone in under six minutes, without having to crack the phone's passcode. The 256-bit encryption to get the passwords stored in the devices' keychain was not broken; the encryption is independent from the personal password, which is actually supposed to protect access to the device. The attack, which also works on iPads, is worrying for those who utilize a passcode to lock their iPhone devices.

While the attack requires possession of the device since it targets the individual keychain, it could still be particularly problematic if an attacker stole an iPhone or iPad that was tied to a corporate network. Companies should educate their staff accordingly and introduce appropriate emergency procedures: not only should employees who have lost their iPhone change all their passwords, but the company should change the respective network identifications as quickly as possible as well. Fraunhofer SIT summarized their researchers' work in a video:

The researchers removed the device's SIM card, used existing exploits to jailbreak the device, installed an SSH server on the device that allows them to run queries, and then executed third-party software on the phone to copy a script to the phone that would access the keychain on the device. The method can reveal passwords from Exchange, Gmail, LDAP acounts, voicemail, VPN Wi-Fi, and even for some third-party apps. Once control of an e-mail account has been gained, the attacker can acquire additional passwords because many web services simply require a password reset request. Any iOS device using the operating system can be attacked in this way, regardless of what password the user chooses.

Many believe that smartphone device encryption provides sufficient security. "This opinion we encountered even in companies' security departments," Jens Heider, technical manager of the Fraunhofer SIT security test lab, said in a statement. "Our demonstration proves that this is a false assumption. We were able to crack devices with high security settings within a very short time. This reveals how well the security concept has been adapted to the mobile challenge."

Permalink to story.

https://www.techspot.com/news/42367-researchers-hack-ios-passwords-in-under-six-minutes.html

 
I'm an apple fanboy.

iOS is truly popular. Popular than global warming. Thanks for these researchers now apple can close the holes and claim iOS is more secured. Just read toms, iOS is more secured than Android.

I'm an apple fanboy.
 
Guest said:
I'm an apple fanboy.

iOS is truly popular. Popular than global warming. Thanks for these researchers now apple can close the holes and claim iOS is more secured. Just read toms, iOS is more secured than Android.

I'm an apple fanboy.
Click to expand...

that is sad.. that you think iOS is more secured than Android..!!
Apple sucks, and the drain your money.. try other products.. and you'll know what a dark world you were living in..!!
 
You guys are aware that the comment he made was obviously sarcastic and satire of apple fanboys.
 
Ignoring the comments about popularity, Guest comments true aren't they? When Apple fixes these security flaws Apple will be more secure and also more importantly isn't iOS more secure then Android ATM?
 
aj_the_kidd said:
Ignoring the comments about popularity, Guest comments true aren't they? When Apple fixes these security flaws Apple will be more secure and also more importantly isn't iOS more secure then Android ATM?
Click to expand...

iOS itself isn't more secure. Everything in android runs sandboxed so you can't really deem it as insecure. Also the sheer amount of exploits used to jailbreak should show how poor the iOS security really is. It's the app approval process that keeps away malicious software.
 
Good to know. Not that i am arguing but considering the large number of iPhone users most developers/hackers would concentrate their attentions on iOS rather than Android, thus be able to find flaws more easily through sheer numbers.
 
Whether it be IOS, Android, Windows, OSX, Linux, etc., there are vulnerabilites in all.
The only secure OS is the one that isn't booted.
The more we rely on mobile devices the more we have to assume that someone will be able
to get info from our devices and act accordingly when it comess to the kind of data we have on our devices.
-****
 
aj_the_kidd said:
Good to know. Not that i am arguing but considering the large number of iPhone users most developers/hackers would concentrate their attentions on iOS rather than Android, thus be able to find flaws more easily through sheer numbers.
Click to expand...

Hackers do actually think about what they are doing. iOS may have more users, but the app market is VERY strict. Hackers would rather go for an mobile OS that has a loose app store because it makes their job that much easier. That's part of the reason you see more hackers for Windows OS. It has a bigger user base, but it's also more loose than the Mac OS. The good thing about Windows is how customizable it is, but that's also it's downfall. People download themes and apps that aren't strictly monitored. And yes, this is coming from a Windows guy.

So what i'm really getting at here (before we start a Windows vs Mac war, lol) is that Apple doesn't get hacked as often because of how strict they are. People hate it, but it's really a good thing. So it has its ups and downs. Although, if you use your device like someone who has even half a brain, you'd never get infected because you wouldn't be putting random crap on from random websites anyway :)
 
aj_the_kidd said:
I do agree iOS is more secure though
Click to expand...

I can't call these as 'words of wisdom' because I don't think it is any better secured then others, however, I will give you one thing, it is much more 'polished' solution when compared to all the competition around.
 
Archean said:
aj_the_kidd said:
I do agree iOS is more secure though
Click to expand...

I can't call these as 'words of wisdom' because I don't think it is any better secured then others, however, I will give you one thing, it is much more 'polished' solution when compared to all the competition around.
Click to expand...
We will have to agree to disagree
 
Ha! I did it in 35 seconds without jailbreaking it. I had to threaten the owner with imminent demise though.

Same technique took only 28 seconds with an android phone.
 
What ever happened to Apple devices don't get viruses? Before all the mac fanboys would say it was immune to viruses and unhackable, now that apple has sold alot more products, exploits, hacks, viruses has become alot more common.
 
I'm an Apple Fanboy.

Just read this to those who think Android is more secure than iOS.

http://www.tomsguide.com/us/ios-android-security,review-1623.html

iOS pawned Android! But I think it's just user's preference If you like iOS then hate Android. If you own an Android phone, you'll hate iOS.

I'm an Apple Fanboy.
 
Interesting read, though it only reinforced my earlier assertion that iOS is more polished solution. But if someone is not careful well, security is just a pip dream.
 
Hence RIM will win for people who [know] ... Muahahahahaha.

*all these [fanbois]*
 
Guest said:
Whether it be IOS, Android, Windows, OSX, Linux, etc., there are vulnerabilites in all.
The only secure OS is the one that isn't booted./quote]
even that might soon change!
Click to expand...
 
You must log in or register to reply here.

Similar threads

A
MIT researchers showcase novel method for super-fast AI image generation
Replies
5
Views
117
ZedRM
ZedRM
Shawn Knight
Researchers develop stretchy, electrically conductive material that hardens upon impact
Replies
0
Views
59
Shawn Knight
Shawn Knight
Cal Jeffrey
New speculative execution hack can expose passwords and other sensitive data on Apple SoCs
Replies
0
Views
299
Cal Jeffrey
Cal Jeffrey

Latest posts

Back