Password retrieval in lost or stolen iPhones/iPads takes six minutes (w/ Video)

Feb 11, 2011 by Lin Edwards
Screenshot of Proof of Concept approach with truncated Output of revealed Password

(PhysOrg.com) -- A team of researchers has demonstrated how passwords in iPhones and iPads can be retrieved from a stolen or lost device in only six minutes, even if it is locked. The passwords can include access passwords for corporate networks.

Scientists at the Fraunhofer Institute for Secure Information Technology (SIT) test laboratory in Germany have shown how someone who steals or finds an iPhone or iPad can use existing to “jailbreak” the device and gain access to the command shell. A secure shell (SSH) server can then be installed to enable them to run their own software on the device. Both procedures can be carried out even if the device is locked.

The attackers can then upload a script to the device to use the device’s own tools to give them access to the keychain, which is Apple’s password management system. The keychain entries can then be downloaded to the attacker’s computer.

The attack succeeds because in iOS, the current operating system of “i” devices, large parts of the file system are accessible even if the device is locked, and the cryptographic key is not protected by the passcode.


The demonstration showed the researchers were able to retrieve in the keychain but not in other protection classes. They were able to access and decrypt passwords for Google Mail (as an MS Exchange account), voicemail, virtual private network (VPN), WiFi, some Apps, various MS Exchange accounts and Lightweight Directory Access Protocol (LDAP) accounts.
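The design point behind this result, as an added example that is not from the article or the research paper: a simplified Python model, not Apple's implementation, of two keychain protection classes, one keyed by a device secret alone and one that also needs the passcode. All names (`class_key`, `readable_items`, `KEYCHAIN`) and values are constructed, and the HMAC-based cipher is a stand-in that keeps the model free of third-party libraries.

```python
import hashlib
import hmac
import os

# Simplified model of two keychain protection classes. Not Apple's
# implementation; every name and value here is constructed.
def class_key(device_key, passcode=None):
    """Key protecting one class. Without a passcode it depends on the device alone."""
    if passcode is None:
        return hmac.new(device_key, b"class:device-only", hashlib.sha256).digest()
    # Passcode-entangled class: the device secret and the passcode are both required.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, 50_000)

def _stream(key, nonce, n):
    # Stand-in stream cipher built from HMAC-SHA256 in counter mode.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, secret):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(key, nonce, len(secret))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def unseal(key, item):
    nonce, ct, tag = item
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key: the item stays opaque
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def readable_items(keychain, device_key, passcode=None):
    """What code running on the device can decrypt with the secrets it holds."""
    out = {}
    for name, (needs_passcode, item) in keychain.items():
        if needs_passcode and passcode is None:
            out[name] = None  # locked device: no passcode, no class key
            continue
        key = class_key(device_key, passcode if needs_passcode else None)
        out[name] = unseal(key, item)
    return out

DEVICE_KEY = os.urandom(32)   # stays on the device, usable by any code running there
OWNER_PASSCODE = "4921"       # constructed sample value
KEYCHAIN = {
    "wifi": (False, seal(class_key(DEVICE_KEY), b"constructed-wifi-psk")),
    "mail": (True, seal(class_key(DEVICE_KEY, OWNER_PASSCODE), b"constructed-mail-pw")),
}
```

Calling `readable_items(KEYCHAIN, DEVICE_KEY)` models code running on a locked device: the device-only entry decrypts, while the passcode-entangled entry comes back as `None` until the correct passcode is supplied.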

The researchers said with the SIM card removed from the device they could also access email passwords and access codes for corporate WLANs and VPNs. Having access to email passwords gives the attacker even more passwords since many passwords are reset simply by requesting a reset and providing the email address.

Credit: research paper (see link below)

The researchers recommended that anyone who loses an iOS device or has it stolen should immediately change all their passwords for all accounts, even those not stored in the iPhone or iPad. They also warned that similar or identical passwords to those the attackers might access on the device are especially vulnerable to hacking. They said that encryption is no protection because the encryption relies on the secret information that would be revealed by the attack.

The attack is easy to conceal, and this means that devices left unattended even for just a few minutes could be vulnerable.


More information: www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf



User comments : 4


Dhanne
5 / 5 (2) Feb 11, 2011
Unwanted password retrieval in iThings isn't a flaw to Apple. It's a feature. And soon Apple will charge for its usage.
zealous
not rated yet Feb 11, 2011
Sigh, there is something I was taught a long time ago about computers and the like; physical access is total access. If you can touch you own it. So far that has applied to every device I've seen.
zslewis91
not rated yet Feb 11, 2011
@dhanna, from a security standpoint, it is a flaw. It's a crack. It's what it is.... most certainly nothing anyone with a brain can call a "feature". And if it is a "feature" (not sure as of the moment for I have done no research yet
tigger
not rated yet Feb 11, 2011
OMG how did you not get the sarcasm in Dhanne's post!? Every man and their dog knows that Apple fan freaks are famous for leaping to the support of their holy products with claims that any hardware or software problem is in fact nothing too serious at all and they still love their beloved product no matter how dire the circumstances.
