Password retrieval in lost or stolen iPhones/iPads takes six minutes (w/ Video)

February 11, 2011 by Lin Edwards report
Screenshot of Proof of Concept approach with truncated Output of revealed Password

(PhysOrg.com) -- A team of researchers has demonstrated how passwords in iPhones and iPads can be retrieved from a stolen or lost device in only six minutes, even if it is locked. The passwords can include access passwords for corporate networks.

Scientists at the Fraunhofer Institute for Secure Information Technology (SIT) test laboratory in Germany have shown how someone who steals or finds an or iPad can use existing to “jailbreak” the device and gain access to the command shell. A secure shell (SSH) server can then be installed to enable them to run their own software on the device. Both procedures can be carried out even if the device is locked.

The attackers can then upload a script to the device to use the device’s own tools to give them access to the keychain, which is Apple’s password management system. The keychain entries can then be downloaded to the attacker’s computer.

The attack is successful because in the current operating system in “i” devices (iOS) large parts of the file system are accessible even if the device is locked, and the cryptographic key is not protected by the passcode.

The video will load shortly

The demonstration showed the researchers were able to retrieve in the keychain but not in other protection classes. They were able to access and decrypt passwords for Google Mail (as an MS Exchange account), voicemail, virtual private network (VPN), WiFi, some Apps, various MS Exchange accounts and Lightweight Directory Access Protocol (LDAP) accounts.

The researchers said with the SIM card removed from the device they could also access email passwords and access codes for corporate WLANs and VPNs. Having access to email passwords gives the attacker even more passwords since many passwords are reset simply by requesting a reset and providing the email address.

Credit: research paper (see link below)

The researchers recommended that anyone who loses an iOS device or has it stolen should immediately change all their passwords for all accounts, even those not stored in the iPhone or iPad. They also warned that similar or identical passwords to those the attackers might access on the device are especially vulnerable to hacking. They said that encryption is no protection because the encryption relies on the secret information that would be revealed by the attack.

The attack is easy to conceal, and this means that devices left unattended even for just a few minutes could be vulnerable.

Explore further: So many passwords, so little memory

More information: www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf


Related Stories

So many passwords, so little memory

April 15, 2009

How many keys are on your keychain? I just looked at mine and counted nine keys. And that's not counting the bulky little remote control key fob that locks and unlocks my car. I've tried to consolidate my keys by making one ...

Are you any good at creating passwords?

January 30, 2010

There's an interesting little study that's been done by security firm Imperva, which analyzed some 32 million passwords posted online in December by some enterprising hacker.

Germany warns of Apple security problem

August 4, 2010

(AP) -- Several versions of Apple's iPhone, iPad, and iPod Touch have potentially serious security problems, a German government agency said in an official warning Wednesday.

Gawker hack underscores flaws with passwords

December 19, 2010

The fallout from a hacking attack on Gawker Media Inc. a week ago underscores a basic security risk of living more of our lives online: Using the same username and password for multiple sites is convenient, but costly.

Recommended for you

Inferring urban travel patterns from cellphone data

August 29, 2016

In making decisions about infrastructure development and resource allocation, city planners rely on models of how people move through their cities, on foot, in cars, and on public transportation. Those models are largely ...

How machine learning can help with voice disorders

August 29, 2016

There's no human instinct more basic than speech, and yet, for many people, talking can be taxing. 1 in 14 working-age Americans suffer from voice disorders that are often associated with abnormal vocal behaviors - some of ...

Apple issues update after cyber weapon captured

August 26, 2016

Apple iPhone owners on Friday were urged to install a quickly released security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by cyber arms dealers.

4 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

Dhanne
5 / 5 (2) Feb 11, 2011
Unwanted password retrieval in iThings isn't a flaw to Apple. It's a feature. And soon Apple will charge of its usage.
zealous
not rated yet Feb 11, 2011
Sigh, there is something I was taught along time ago about computers and the like; physical access is total access. If you can touch you own it. So far that has applied to every device I've seen.
zslewis91
not rated yet Feb 11, 2011
@dhanna, from a security stand point, it is a flaw. its a crack. its what it is....most certainly nothing anyone with a brain can call a "feature". and if it is a "feature"(not sure as of the moment for i have done no research yet
tigger
not rated yet Feb 11, 2011
OMG how did you not get the sarcasm in Dhannes post!? Every man and their dog knows that Apple fan freaks are famous for leaping to the support of their holy products with claims that any hardware or software problem is in fact nothing too serious at all and they still love their beloved product no matter how dire the circumstances.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.