Default iOS hotspot passwords can be cracked in under a minute

By , Jun 19, 2013

Verizon iPhone's Personal Hotspot Feature

You may want to reconsider using a default password iOS provides for hotspot functionality as researchers at a German university warn of the weaknesses that let attackers crack any default iOS hotspot password in under a minute. Although Windows Phone uses even weaker passwords and some Android vendors weaken their device’s security by modifying the Wi-Fi-related components, Apple’s problem is that iOS generates “random” hotspot passwords using a dictionary of only 1,842 different entries…

Michael Lee, writing for ZDNet, points to the disturbing findings by researchers at the University of Erlangen in Germany who found iOS creates default hotspot passwords using a dictionary of 52,500 words from the Scrabble game.

Although Apple appends randomly generated numbers to the words from this dictionary, this isn’t stopping attackers from cracking the weak passwords.

The researchers explain:

This list consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password.

Cracking those passwords requires some serious oomph: the researchers used a GPU cluster consisting of four AMD Radeon HD 7970s. After capturing the Wi-Fi connection handshake, the researchers used the AMD hardware to iterate over all items in the list, including the permutations of additional numbers..

This hardware can crack default iOS hotspot passwords in under just 50 seconds.

It isn’t helping that Apple appears to be using only 1,842 words from the scrabble dictionary.

“Consequently, any default password used within an arbitrary iOS mobile hotspot is based on one of these 1,842 different words,” the research note explains.

It’s even worse on Windows Phone and Android, with the latter generating default hotspot passwords that consist of only eight-digit numbers. And even though Android generates strong passwords, “some vendors modified the Wi-Fi-related components utilised in their devices and weakened the algorithm of generating default passwords”.

The issue fuels serious security concerns, especially when users connect their MacBook, iPad or other device to a hotspot created on an iOS device.

In order to strengthen your security and prevent any potential eavesdropping, you’re advised not to accept default hotspot passwords iOS randomly generates.

Instead, use Settings > Personal Hotspot to replace the default password with your own uniquely generated strong password that should not contain birthday dates, spouse names and other commonly used and easily guessed terms.

  • Share:
  • Follow:
  • Guest

    This could be easily fixed by Apple not allowing thousands of attempts from the same device to connect within one minute.

    • Marius Wegmann

      That is not how this type of attack works. You just need to capture the handshake(when one device connects to router or in this case the ios device) and then you crack the password from that hand shack using a brute-force or dictionary attack.

      • http://klikkit.co.uk/ Jake – Klikkit

        Yeah.. and that brute force should be detected.. it’s not hard for Apple to incorporate a system that detects the amount of attempted & failed connections

      • Arturo Millan

        not that easy or every router/modem should be fixed and BackTrack would not exist…

      • http://klikkit.co.uk/ Jake – Klikkit

        most modern routers do have this capability, I think it’s actually a security requirement today

      • Arturo Millan

        No its not, I can still go anywhere, find a router/modem close to me and BackTrack it, there is no single Modem that I haven’t been able to access to thanks to BackTrack 5 (BackTrack 4 its giving me problems thou)

  • omrishtam

    is that ios 4?

    • Matthew

      IKR! Is anyone even still on that. The iOS devices I see are on iOS 6. If they aren’t on 6 they are on iOS 7.

  • Samy060

    Default password from my iPhone 5 is composed of 5 letters and 4 digits. So I guess it can’t be found using only their scrabble dictionary …

    • Alejandro M. Marez

      So was mine, there wasn’t even a word it. The default passcode was totally random.

  • Adam Paulik

    But I can see one more device connected ;)

  • Philipp Steigler

    iOS 4 ^^

  • wadjj

    I don’t recall I ever saw a green battery ( my first idevice came in iOS5), so I guess as others assumed it is iOS 4.x, therefore this shouldn’t be a concern

  • felixtaf

    Some body must have this super computer with 4 GPU ‘s for this hack… Possible, but practically impossible…

    • Arturo Millan

      You’d know that GPU are only like $200 each? You can build a gaming PC with more than 4 GPUs for under $3000 bucks -.-‘

      • felixtaf

        The GPU they mentioned is about 400$ -500$ each. You can tell me from where u can get it for 200$. I can buy 1 for me!

  • Hello

    Does anyone know if the secured hotspots use WEP, WPA, or WPA2?

    • Mads Teland

      iOS hotspots uses WPA2 :-)

  • felixtaf

    What if the photo is jus a demo of iOS hotspot? Still this hack is practically impossible… Somebody must have this 4 GPU computer, they must be within the ur wifi range and also ur device will show how many connections are there …

  • http://www.lerchconsultants.ch/ Florian Lerch

    My default password was actually babes + 4 numbers ;)

    • Adrian12369

      PLAYA!

  • Tsavo Walker

    Nice…

  • Chris Wagers

    I don’t think they need the 4 GPU’s they only need 4 GPU’s I think to crack it in the 50 seconds.

  • http://www.eraser.org B. Braun

    Ehm, set your own password and you’re good to go. No need to panic!

  • http://173.58.214.169/ That’s what Siri said!!!

    I do not even use the hotspot. I cannot change the wi-fi channel so it always messes with my home wi-fi.

    • Raul Henriquez

      Stupid lol

  • http://173.58.214.169/ That’s what Siri said!!!

    I do not even use the hotspot. I cannot change the wi-fi channel so it would mess with my home wi-fi.

    • Enes Taşdemir

      Well, change the home wi-fi’s channel then.

  • Wamid

    After this discovery.. I can imagine him following some random person around because they forgot to turn off their hotspot.

  • Macdemon

    It goes without saying that the hotspot password should be changed, along with your voicemail pin.