If you're an iPhone or iPad owner who uses hotspot mode but never bothered to change the seemingly-random password suggested by iOS, now is definitely a good time. German researchers have discovered (pdf) the passwords iOS issues can be easily predicted, allowing them to be cracked in as little as one minute using consumer hardware.
The algorithm iOS uses to generate hotspot keys takes a dictionary word, adds a couple of numbers and voila -- an easily memorable password is born. The problem though, is despite the endless variety of words available in the English language, iOS draws its password inspiration from a narrow selection of just 1,842 words.
The second issue is certain words appear several times more frequently than other words. For example, out of nearly 2,000 words, "suave" had a 1-in-125 chance of being used. Meanwhile, "macaws" -- the tenth most-likely word to be used -- appeared 1-in-345 times. Knowing iOS' preferred word selection allows brute force crackers to start with the most common ones first, further reducing the time needed.
A PC armed with a Radeon HD 6990 GPU was able to crack the average iPhone hotspot in 52 seconds while four Radeon HD 7970s yielded an average of just 24 seconds. GPUs are favored amongst crackers for their ability to perform massively parallell computations.
Although researchers revealed how easily an iOS-generated hotspot password can be brute forced, other exploits like attacking iOS' PSK authentication method help to facilitate the process. Because handheld devices aren't equipped with high-end GPUs, researchers even discussed offloading the computational work to a cloud-based service like CloudCracker for cracking hotspots on-the-go.
Of course, Apple doesn't have a monopoly on devices with easily cracked hotspot passwords. Windows Phone and some Android handsets don't fare much better.
Windows Phone, for example, auto-generates hotspot passwords consisting of eight numbers. This means you already know what the password could be, making Windows Phone susceptible to brute force attacks. More research may reveal an additional weakness though, which could narrow that selection of 10^8 possibilities down to something even more tractable.
Meanwhile, Android's default password generator conjures sufficiently strong passwords, but some vendors have taken the liberty of greatly reducing its effectiveness. "Android-based models of the smartphone and tablet manufacturer HTC are even shipped with constant default passwords consisting of a static string (1234567890)" researchers noted.
When boiled down to its nuts and bolts though, the moral of this story is probably this: always create your own passwords, provided you follow some of the basic principles for creating strong ones.
The Apple iPhone 5 is the latest flagship smartphone from Apple. The iPhone 5 features a 4-inch display retains the same 326 PPI density as its predecessor with an effective resolution of 1,126 x 640, and a new Lightning connector. The new handset now features 802.11a/b/g/n Wi-Fi with 802.11n supporting dual-band 2.4GHz and 5GHz frequencies. Bluetooth 4.0 is back in addition to GPS and GLONASS for location services.
The Galaxy S4 is a continuation of Samsung's flagship Android handset, in a sleeker and more modern version inside and out. The S4 features a 1.9 GHz quad-core Qualcomm Snapdragon 600, 2GB of RAM, and a 5-inch Super AMOLED Plus display. The S4 also packs 4G LTE, Wi-Fi 802.11 a/b/g/n/ac, IR LED Remote Control, MHL 2.0, NFC, and Bluetooth 4.0.
The Samsung Galaxy Note II is slimmer and thinner than its predecessor. The Galaxy Note II has a 1.6 GHz quad-core processor, 2GB of RAM, and 16 to 64GB of internal storage to handle your daily activities. A microSD slot adds even more memory by providing the option of supporting an additional 64GB of storage.
The iPad mini is a smaller version of the iPad and it’s much more than just a shrunken-down iPad. The iPad Mini packs a dual-core A5 processor, dual-band 802.11a/b/g/n Wi-Fi, a FaceTime HD camera, 5-megapixel rear iSight camera with 1080p recording and an optional LTE radio. The Mini sports a 7.9-inch display and 1,024 x 768 resolution. Battery life is estimated at 10 hours.
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Receive a weekly update of our best features and tech news you don't want to miss: