
iPhone Attack Reveals Passwords In Six Minutes

angry tapir writes "Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode. The attack, which requires possession of the phone, targets keychain, Apple's password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen."

  • Re:Well... (Score:4, Insightful)

    by intellitech ( 1912116 ) * on Thursday February 10, 2011 @10:35AM (#35161736)

    Give them a break! It's not like they have billions of dollars in annual profit which could help them do some serious security R&D.

  • Re:Physical Access (Score:4, Insightful)

    by rainmouse ( 1784278 ) on Thursday February 10, 2011 @11:03AM (#35162046)
    It's easier to steal or lose your phone than it is to break into your home and steal your desktop and considering the majority of people use the same passwords for email, Facebook, Amazon shopping and online banking, I'd consider this a serious security breach. Yes you can call people dumb for not being tech savvy but isn't that the target audience for Apple products? (I don't mean dumb, just non-technical minded folk)
  • by clang_jangle ( 975789 ) on Thursday February 10, 2011 @11:17AM (#35162164) Journal

    Think about it.... Do you enter a password when you start your phone?

    Of course I do. Any real geek probably has a password set, and a suitably short timeout. Still, physical access to any device trumps almost any security measure. The headlines scream "iPhone" but this can be done with any mobile device, once you have it in your possession.

  • Re:What (Score:3, Insightful)

    by Cronock ( 1709244 ) on Thursday February 10, 2011 @11:59AM (#35162718)
    Nobody says they're unhackable. I think you're thinking about the classic "macs are more secure" debate, which is much different. But nobody with an ounce of geek in them would stretch so far to say something is unhackable. Anything can be hacked when an appropriately skilled person is given enough patience, physical access, and the right tools.
  • by v1 ( 525388 ) on Thursday February 10, 2011 @12:26PM (#35163054) Homepage Journal

    Whatever. Being root does not somehow magically allow you to decrypt arbitrary data.

    The data decrypted isn't arbitrary. It's information the phone requires when it starts up. Therefore the phone itself has to have some way (usually protected by root privileged objects) to unlock that information.

    Any phone, or computer for that matter, that has automatic login enabled has to make this sacrifice. The iPhone auto logs in as user "mobile". OS X (and therefore iOS) has a very convoluted/obfuscated way to unlock the user keychain based on automatic login, but of course no matter how much they obfuscate it, it can be defeated given enough time and dedication, by people that are capable of reverse-engineering your binaries.

    This isn't a security blunder by Apple, it's a necessary tradeoff made by any operating system that features auto login. The only way to strengthen this is by encrypting the actual key with the unlock code, but four digits isn't enough entropy to even be worth the effort. You might turn a 6 minute hack into a 7 minute hack if you're very lucky. And as others have pointed out, that's about as much inconvenience as users will tolerate in an unlock code.
