• The Iphone can be hacked in six minutes

    INSECURITY RESEARCHERS have busted an Iphone's encryption protection in just six minutes to gain access to passwords.
    Boffins at the Fraunhofer Institute for Secure Information Technology (SIT) in Germany devised the hack. The researchers did the tests to demonstrate that passwords aren't secure on Iphones that have been lost.

    They obviously had a point to prove and weren't happy with just hacking Apple's shoddy security encryption in six minutes. Within the allotted time, the team also managed to retrieve most of the passwords stored on the Iphone, accessing personal data that could be used to get into bank accounts.
    What's great about this hack is that the team spends some time in its report telling us that it renders the Iphone completely vulnerable as a business tool. It could even make a company's network security vulnerable as well.

    The flaw affects all Ithings with the latest firmware and the team didn't even have to break the more complicated 256-bit encryption. They simply bypassed that because passwords are stored within IOS itself, making the encryption technology pointless, apparently even on Iphones with security settings set on high.
    Potential attackers can remove an Iphone's SIM card and can also gain access to email passwords and access codes for corporate VPNs and WLANs. This amounts to a serious hit against Apple's recent push to position its Iphone as a valid corporate proposition, having recently added more business oriented features to its consumer smartphone software portfolio than ever before.

    The Fraunhofer Institute SIT team suggests that anyone who has lost an Iphone should change their passwords. More importantly, companies should also change their network identifications as well.

    You can watch how they busted into an Iphone in six minutes here.

    Source: The Inquirer
    4 Comments
      bobbintb -
      jeez. another epic security fail. that's even worse than sony's fail.
      ca_aok -
      This works because while your passwords are stored encrypted on the device, they're decrypted by a key stored on the device itself... not your passcode. This is what allows you to receive emails, notifications, etc, while the phone is locked.

      While this is a fail, pretty much any security can be compromised once you have physical access to the machine. Physical security is one of the most important aspects of any technical security. Plus I wasn't aware that jailbreaking installs openssh by default (which is what appears to be exploited here), so idk.

      Anyone who's already jailbroken their phone is immune to this attack assuming you've changed both the root password and the password for the "mobile" account.
      Disme -
      Originally posted by ca_aok:
      Anyone who's already jailbroken their phone is immune to this attack assuming you've changed both the root password and the password for the "mobile" account.
      You'd be surprised how many people are unaware this even exists, let alone change the PW
      simate -
      Ahhhh, good old Apple products, something I will never own