Researchers at the German Fraunhofer Institute for Secure Information Technology have demonstrated that it only takes six minutes to reveal the passwords stored in your iPhone keychain, reports PCWorld.
The researchers jailbreak the device then install SSH. They then copy a keychain access script to the phone. The script uses system functions to access entries in the keychain and outputs the details to the attacker.
The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.
"As soon as attackers are in the possession of an iPhone or iPad and have removed the device's SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well," said the researchers in a statement. "Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset."
This type of attack could be prevented by remotely wiping a lost or stolen device using Find My iPhone.
You can see the attack being demonstrated in the video below...
*thanks iclarified*
Our new Forum is now open here or on the top tabs marks Forums, please register and post..
For the latest limera1n, rubyra1n, and all tech stories, follow us on Twitter at
@iphonepixelpost or @limerain_com
www.iPodSets.com
- Posted using my iPhone 4
No comments:
Post a Comment