iPhone password security hacked in just six minutes


Never let your iPhone out of your sight - sage advice of course; but now all your securely stored passwords could be uncovered by an attacker with just six minutes alone with your device.

For some time it has been known that much of the internals of an iPhone (here, we will use the term iPhone generically to refer to iPhone or iPad) are easily accessible to the 'intruder' without knowing any supposed secret (power-on PIN, unlock passcode etc).  This includes the ability to take a copy of the entire contents of the phone's memory.

This was probably a mere curiosity - we are able to take a copy of the contents; and do what with it exactly?

However, now we hear that researchers from the Fraunhofer Institute for Secure Information Technology (SIT) have perfected a method to analyse the contents of the iPhone and extract all passwords stored in the Keychain.

The reason all this is possible is that, although a passcode is required to unlock access to the phone's contents, the cryptographic key is based entirely on information contained within the iPhone. This remains true as of iOS firmware v4.2.1.

This can only be described as reckless in the extreme!

Remember, we say passwords when we describe access to VPNs, WiFi portals, MS Exchange accounts etc.

According to the SIT paper, "In current versions of iOS, the keychain contains user accounts including passwords such as email, groupware, VPN, WiFi, websites and often also passwords and certificates used in 3rd party apps. As these secrets are stored encrypted in the keychain, the question is: Which key is used for the encryption and which practical barrier does it create for an attacker with access to the device."

As the paper demonstrates, the key is easy and the barrier is almost non-existent.


David Heath


David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.
