German researchers at Fraunhofer SIT have managed to compromise and reveal passwords stored in a locked iPhone in under six minutes, without having to crack the phone's passcode. The 256-bit encryption to get the passwords stored in the devices' keychain was not broken; the encryption is independent from the personal password, which is actually supposed to protect access to the device. The attack, which also works on iPads, is worrying for those who utilize a passcode to lock their iPhone devices.
While the attack requires possession of the device since it targets the individual keychain, it could still be particularly problematic if an attacker stole an iPhone or iPad that was tied to a corporate network. Companies should educate their staff accordingly and introduce appropriate emergency procedures: not only should employees who have lost their iPhone change all their passwords, but the company should change the respective network identifications as quickly as possible as well. Fraunhofer SIT summarized their researchers' work in a video:
The researchers removed the device's SIM card, used existing exploits to jailbreak the device, installed an SSH server on the device that allows them to run queries, and then executed third-party software on the phone to copy a script to the phone that would access the keychain on the device. The method can reveal passwords from Exchange, Gmail, LDAP acounts, voicemail, VPN Wi-Fi, and even for some third-party apps. Once control of an e-mail account has been gained, the attacker can acquire additional passwords because many web services simply require a password reset request. Any iOS device using the operating system can be attacked in this way, regardless of what password the user chooses.
Many believe that smartphone device encryption provides sufficient security. "This opinion we encountered even in companies' security departments," Jens Heider, technical manager of the Fraunhofer SIT security test lab, said in a statement. "Our demonstration proves that this is a false assumption. We were able to crack devices with high security settings within a very short time. This reveals how well the security concept has been adapted to the mobile challenge."