Jump to content


Photo

Hack reveals passwords from locked iPhones and iPads


  • Please log in to reply
No replies to this topic

#1 Terryala

Terryala

    Board Grand Dad

  • Charter Members
  • 17,910 posts

Posted 10 February 2011 - 08:25 PM

Hack reveals passwords from locked iPhones and iPads

QUOTE
No passcode required

By Dan Goodin in San Francisco ?

Posted in Security, 10th February 2011 18:44 GMT

Researchers have devised a method for stealing passwords stored on locked iPhones and iPads that doesn't require - Read our board rules -ing of the device's passcode.

The technique, disclosed on Thursday by members of the Fraunhofer Institute for Secure Information Technology, requires physical access to the targeted iPhone or iPad, so remote attacks aren't possible. But it takes less than six minutes and carry out, and the after effects are easy to conceal, making it ideal to carry out on devices that are lost, stolen or temporarily unattended.

The hack exploits cryptography in the iOS password management system ? known as keychain ? that uses a secret key that is completely independent of the device's passcode. That saves attackers who manage to access the file system the hassle of deducing a key that's based on a passphrase set up by the user.

?After using a jailbreaking tool, to get access to a command shell, we run a small script to access and decrypt the passwords found in the keychain,? the researchers wrote in a paper (PDF). ?The decryption is done with the help of functions provided by the operating system itself.?

The script also reveals always-encrypted account settings for things like user names and server addresses for all stored accounts, as well as the account clear-text secrets. The hack worked on a locked iPhone 4 running iOS 4.2.1, which was the most current firmware version at time of writing. A demo of the attack is available on YouTube - you can view it below.

?The accessibility of keychain secrets without requiring the passcode is considered a result of a trade-off between system security and usage convenience,? the researchers wrote. ?The passwords for network related services should be available directly from device startup, without having to enter the passcode first.?

[attachment=14230:3.png]

The technique doesn't retrieve passwords stored in parts of the device that remain off limits until the passcode is entered.

Still, the hack can reveal a wealth of sensitive codes, including those used for virtual private networks, Wi-Fi networks, LDAP accounts, voicemail systems and Microsoft Exchange accounts. And that's likely to spook large business customers with employees that use the devices to connect to sensitive company systems. ?


http://www.theregist...retrieval_hack/