More iPhone Security Issues Exposed, Passwords Cracked in 6 Minutes

Feb 10, 2011

It seems like at least once a month we report a story about the iPhone’s security problems, and this latest security revelation is a bit shocking.

Researchers from the German Fraunhofer Institute for Secure Information Technology have discovered a way to crack iPhone passwords via jailbreaking in about 6 minutes.

We don’t mean your iPhone’s dinky 4-digit passcode either; we mean everything stored in your keychain: email, VPN, Wi-Fi, the list goes on…

The above video showcases the entire process of hacking your iPhone for its precious unmentionables.

The process includes jailbreaking your iPhone, accessing the file system, copying your keychains, and then executing a special script on a desktop in order to decrypt your passwords.

It’s probably not something your average person is going to be able to do, but even those with a little bit of know-how could probably pull this off if they had the desktop tool.

Interesting stuff. The best security is to keep your iPhone in your sight at all times.

What do you think about the iPhone’s continuing security woes?

[IBTimes]

  • Doug

    A person would have to steal your phone before attempting something like this; by that point you should already have tried to find it and/or wipe it remotely from MobileMe.

    • Goofygreek

      A lot of people don’t have MobileMe. I personally do, and my phone never leaves my sight anyways.

      • Jenifer

        Yes, I agree one has to steal the phone. For latest on iPhone, iPod, iPad, Apple, Android and Jailbreak, please visit enewsplus.com. Thanks

  • it’s willy bitch

    That’s where 4.3 with the ARLS thing comes in.

  • Doug

    Well, Find My iPhone is free if set up on an iPhone 4. You don’t have to pay for the whole suite anymore. And each phone can set up like 3 accounts. I have an iPhone 4 but my brother and gf only had 3GS. I let them both create their free accounts on mine. My brother just did it this week since he wasn’t on 4.2.1 until greenpois0n came out.

    It might be time iDB ran a reminder since most people other than unlockers are probably on the supported firmware now. The best safety feature though is of course always keeping a very close eye on it.

  • SBVB

    If you were smart enough to steal and crack the security on an iPhone, I’m pretty sure you’d know how to turn data and Wi-Fi off so that MobileMe couldn’t access the iPhone to wipe it….

    • Ai

      Now you’re talking like a true hacker:)

      • Doug

        Well at some point they’re going to need an Internet connection to download and install cydia and the other packages they need.

        This just seems like a dumb article. It’s not like they can get into anything wirelessly. Someone physically has to steal your iPhone. If you’re that dumb you deserve to have whatever info is on it compromised. Hackers are pieces of shit and these ones are German. I hardly consider this a security issue.

      • Me

        They don’t need the internet to install cydia Doug, they flash a pre-configured IPSW to the phone using a modified JB process that doesn’t touch the user’s phone at all…it’s called a RAMdisk, and all it needs is SSH installed, then you access the phone’s SSH via USB with something called itunnel_mux. I should know, I have some of these custom IPSW built and can access the complete filesystem of any iPhone, the new bit is decrypting the keychain.

        Hackers may be pieces of shit, but these guys are researchers, and refusing to share the code. The fact they’ve done it and shared that knowledge means that bad guys could already be doing this and letting people know bad guys /may/ have full access to someone’s Google or Exchange account is knowledge that needs to be shared.

        Go get drunk and leave your iPhone in a bar (a la an Apple Employee…) and see if you’re saying you deserved to get compromised once they have access to your email account and work VPN.

      • Graye

        Just so we’re clear, hacker =/= bad guy. (Let’s start by noting that you’d have no jailbreak if it wasn’t for friendly hackerfolk who 1.) were interested in hacking iOS, and 2.) were happy to share their information with others.)

    • Z

      Or they can just go to the settings and turn off mobileme

      • SoCoMagNuM

        @Doug if hackers were never in the picture you wouldn’t have a jailbroken iPhone… only what Apple allows you to do with the device. Not all hackers are bad. They help do research and help build better security of devices, thus helping make it hard for the “harmful” hackers to get your information. That field can work both good and bad.

  • FFFFFfffff

    This is nothing new. The Jonathan Zdziarski method accomplished this level of access since ios v2.2.

    The security on the iphone sucked then and it still sucks now.

  • msxy

    i saw it already yesterday. thx anw for the info

  • Me

    As a Computer Security consultant, your statement that everything stored in the keychain can be grabbed is wrong. Only things stored with a setting less than “requires passcode unlock” can be pulled. This means Exchange (Microsoft or Google), WiFi and VPN can be grabbed. Regular IMAP accounts and any password you’ve saved in Safari cannot.

  • Maglor

    What about if we change the SSH password that comes by default with it? Won’t that make it harder for them?

  • Me

    @Maglor in a word, no. The IPSW they upload is uploaded and stored entirely in RAM when they do the first part of the JB process (which is standard with all jailbreaking processes) when you’ve put the phone in DFU mode. It does not overwrite user data at all. When this is run, even if your device is already jailbroken, it is basically a completely new jailbreak… and so has the default SSH password, which they then hardcode into their script.

    As far as I know, this method still doesn’t run a GUI, such as Springboard, so they can’t just plug in your phone and access all your email via Mail.app; it only gives them CLI access when they connect to the SSH server that has started at boot. But that is running as the root user, so they have complete control of all the files on your device.

    The only protection from this attack is to not let your iPhone get into the hands of people wanting to do this in the first place.

  • Ernesto Castellanos

    I’ve been doing this for quite some time now. It’s not difficult at all… That’s how I found my dad’s email password.

  • http://callpod.com/keeper Craig Lurey

    If you are using Keeper Password & Data Vault (by Callpod), your passwords within Keeper are safe. Keeper does not use iPhone’s keychain.

  • Maglor

    What about the 1password app?

  • jacqueline barton

    So guys, what’s the best and easiest way to protect my iPhone 4 from having its contents stolen? Genuine request as I have recently had my email password figured out!!! Any help much appreciated.