How iPhone passwords Hacked in Six Minutes

IPhone has been lost or stolen can be a terrible experience. Not only do you have to deal with replacing the device, but you also have to worry about someone accessing all the personal information you've got on the gadget....
That's why you always remember to password-protect your iPhone to keep all your data safe if something goes wrong.
Its too bad that only slows hackers down for about six minutes. PC World reports that researchers at the Fraunhofer Institute Secure Information Technology in Germany published a paper which describes how someone with malicious intent can easily reveal most of the passwords stored on an iPhone — whether the device itself is password-protected or not.

The first step in the method is to jailbreak the device, which basically means circumventing some iPhone security measures and installing software not authorized by Apple. This can be accomplished using one of many freely available software tools and allows for the installation of an SSH server — which in turn allows for access to the device's password management system, better known as the keychain. At this point there's a tricky step in which hackers face a keychain database which is encrypted with a key that can't be extracted from the iPhone. The solution? Use the key from software within the device.
A few clicks later the iPhone will happily share its stored secrets. MS Exchange accounts, LDAP accounts, voicemail, VPN passwords, WiFi passwords and some app passwords are all easily viewed. The only things safe for the time being are passwords for web sites, and that's only because they are stored in a different protection class.
The good news is that the researchers who discovered this particular password revealing method will not be revealing the exact scripts they used to accomplish the task. It shouldn't take long for someone else to figure the method out.
There doesn't appear to be any preventative measures you can take to keep your data safe. All you can do is rush to change your passwords the instant you notice your iPhone is missing.

The first step in the method is to jailbreak the device, which basically means circumventing some iPhone security measures and installing software not authorized by Apple. This can be accomplished using one of many freely available software tools and allows for the installation of an SSH server — which in turn allows for access to the device's password management system, better known as the keychain. At this point there's a tricky step in which hackers face a keychain database which is encrypted with a key that can't be extracted from the iPhone. The solution? Use the key from software within the device.
A few clicks later the iPhone will happily share its stored secrets. MS Exchange accounts, LDAP accounts, voicemail, VPN passwords, WiFi passwords and some app passwords are all easily viewed. The only things safe for the time being are passwords for web sites, and that's only because they are stored in a different protection class.
The good news is that the researchers who discovered this particular password revealing method will not be revealing the exact scripts they used to accomplish the task. It shouldn't take long for someone else to figure the method out.
There doesn't appear to be any preventative measures you can take to keep your data safe. All you can do is rush to change your passwords the instant you notice your iPhone is missing.

Mr Cracker

Linkbar

I get as much enjoyment from trashing code as I do from scratching it out in the first place!

How iPhone passwords Hacked in Six Minutes

>> Thursday, February 10, 2011

Post a Comment

Translate into your language

Become Fan on Facebook

Recent Posts

Blog Archive

Feedjit