Wednesday, July 27, 2016
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Microsoft Adds Artificial Intelligence Elements To New Smart Camera App
Xiaomi Announces Redmi Pro OLED Smartphone And Mi Notebook Air Laptop
Future Apple Stylus Could Operate as a Joystick
Twitter's Video Advertising Expansion Remains Slow
LG Display Invests KRW 1.99 Trillion in Flexible OLED Display Production
Nintendo Reports First-quarter Loss
Samsung To Release HDR+ Firmware Update for 2016 SUHD TVs
Apple To Invest In AI And AR As iPhone Sales Keep Declining
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > Mobiles > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, February 11, 2011
Researchers Bypass iPhone Password in Just A Few Minutes


German researchers were able to break the password Apple's iPhone 4 in just six minutes, highlighting the public perception of protection strength provided by Apple's iOS device encryption does not reflect all aspects of the security for stored passwords.

In a new report, Jens Heider and Matthias Boll of the Fraunhofer Institute for Secure Information Technology show how to make speedy work of hacking the smartphone.

The reserahcers conducted tests with iPhone 4 and iPadWiFi+3G hardware with the latest firmware 4.2.1.

They firstly got access to the file system, copied the keychain access script to file system and then they executed a script which revealed stored accounts and secrets.

The first step depends on the device?s iOS version and hardware but in general can be achieved with a jailbreaking tool and by installing an SSH server on the device without overwriting user data. Now software can be launched unrestricted on the device.This way the software can access all files including the keychain database. Secrets in this database are encrypted with the device's key, which could not be extracted from the device. However, the key can be used from software within the device.

In the second step, the researchers copied their keychain access script to the device via the SSH connection. It uses system functions to access the keychain entries, which made it not necessary to reverse engineer the encryption mechanism of the keychain items.

The last step executes the script, which outputs the found accounts to the shell screen.

After using a jailbreaking tool, to get access to a command shell, the researchers run a small script to access and decrypt the passwords found in the keychain. The decryption was done with the help of functions provided by the operating system itself.

"The overall approach takes six minutes, which might provide an additional opportunity for an attacker to return the device to the owner to cover the revealing of passwords," the researchers said.

The results show that a lost iOS device may endanger also the confidentiality of data that is not stored on the device, but which is accessible for an attacker via the revealed stored secrets. This is not specifically a problem only to iOS devices, as other smartphone operating systems may also have circumventable password protection mechanisms. However, iOS devices with device encryption may keep users in false believe that these devices have in general a strong password protection in place.

Regrading the iOS compliance to individual enterprise security policies, especially the sometimes applied comparison to fully encrypted notebook harddisks with preboot authenticaion is not valid, since these systems use the user?s secret for the device encryption.

"Owner's of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords. Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts," the researchers suggested.


Previous
Next
Smaller iPhone in The Works: report        All News        EA's Need for Speed Undercover and the Tetris Game Coming to the BlackBerry PlayBook
Smaller iPhone in The Works: report     Mobiles News      Samsung Launches New Exynos Processor Family

Get RSS feed Easy Print E-Mail this Message

Related News
iPhone 7 Rumored To Launch September 16th
Production of iPhone7 Starts At Foxconn's factory: report
Can iPhone 7 Smartphones Fuel Sales?
iPhone 7 Case Makers Unveil Design Elements Of New Smartphone
Apple Supplier Talks About All-glass iPhone
iPhone 7 May Not Be Enough to Boost Apple's Sales
Samsung To Supply EMI-shielded NAND Flash Memory to Apple: report
KGI Analyst Says iPhone 7 To Feature 'All glass' Enclosure Along With An AMOLED Screen
Fitch Sees An OLED iPhone Coming Soon
iPhone SE Shares Features And Parts With Three iPhone Generations, Teardown Reveals
Some Thoughts About The New iPhone SE
Apple Introduces $400 iPhone SE And 9.7-inch iPad Pro

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .