Researchers have discovered a method to extract passwords from an iPhone’s keychain in less than 6 minutes. Even if the device is locked, the user’s secret passcode is not needed, as the protection provided by the passcode is bypassed by the system.
The team from the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) has written a paper on a system that can jailbreak an iPhone and decrypt passwords from its keychain, giving them access to anything you might have on your iPhone, such as a Gmail account, corporate VPN, home WiFi, and MS Exchange.
Understanding the Vulnerability
The vulnerability discovered by Fraunhofer SIT is particularly concerning because it bypasses the iPhone’s passcode protection. This means that even if you have a strong passcode, it won’t prevent an attacker from accessing your keychain data. The keychain is a secure storage container that holds various sensitive information, including passwords, certificates, and private keys. By exploiting this vulnerability, attackers can gain access to a wide range of personal and corporate data.
The process involves jailbreaking the iPhone, which is a method of removing software restrictions imposed by Apple. Once the device is jailbroken, the attacker can run a script that decrypts the keychain and extracts the stored passwords. This method is alarmingly quick, taking less than six minutes to complete. The implications are significant, especially for individuals and organizations that rely on the security of their iPhones to protect sensitive information.
Protecting Yourself from Keychain Attacks
The best way to protect yourself against this sort of attack, for instance when you lose your phone, is to set up a remote wipe facility before the iPhone goes missing. This lets you remove all data from the iPhone with a remote command if it is lost or stolen. The free iPhone app Find My iPhone offers a good remote wipe facility.
In addition to setting up a remote wipe, there are several other steps you can take to enhance the security of your iPhone:
- Enable two-factor authentication (2FA) for your Apple ID and other important accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
- Regularly update your iPhone’s software to ensure you have the latest security patches and improvements.
- Use a strong, unique passcode for your iPhone. Avoid simple passcodes like “1234” or “0000” and opt for a longer, alphanumeric passcode if possible.
- Be cautious about the apps you install and the permissions you grant them. Only download apps from trusted sources, such as the Apple App Store.
- Consider using a password manager to generate and store complex passwords for your accounts. This can help reduce the risk of using weak or reused passwords.
By taking these precautions, you can significantly reduce the risk of your iPhone being compromised and your sensitive information being accessed by unauthorized individuals.