FraunhoferSit

Latest

  • iPhone passcode bypassed by security researchers

    by Mike Schramm
    02.10.2011

    A group of German researchers at the Fraunhofer Institute for Secure Information Technology report that they've cracked the iPhone's keychain system, allowing access to the passwords saved on any phone in just six minutes. By jailbreaking the target phone and installing an SSH app on it, the hackers found they could access any information on the phone that they wanted, without the need to input a passcode or any other form of security from the user. In other words, if they can get their hands on your iPhone, they have access to everything on the keychain, which includes any Gmail or Exchange accounts saved on the phone, along with network, Wi-Fi and voicemail passwords and the passwords for some apps. You can read the full report as a PDF online. The only solution that Fraunhofer lists in the report is that the owners of any lost or stolen iPhone must assume that all passwords stored on the handset are compromised, and must change and replace them all as soon as possible. It's hard to think what Apple might be able to do about this -- as long as the phone can be jailbroken, this seems possible, and obviously Apple hasn't been able to stop jailbreaks in the past, for a number of reasons. On the other hand, this hack needs access to the phone itself, so if you don't lose your phone, you're still good to go.

  • Researchers steal iPhone passwords in six minutes (video)

    by Thomas Ricker
    02.10.2011

    Losing your smartphone is bad enough. But if you lose your iPhone and don't issue a remote wipe command (available for free with the Find My iPhone app) then you could find yourself in a world of hurt. Researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) can jailbreak and decrypt passwords from the iPhone's keychain -- for, say, your Gmail account, corporate VPN, home WiFi, and MS Exchange -- in about six minutes using existing, known exploits. Sorry kids, your flimsy lockscreen passcode won't help. Video proof, after the break.