German researchers Fraunhofer SIT have demonstrated processes that enable a would-be attacker to compromise and reveal passwords stored in a locked iPhone in under six minutes, without having to crack the phone’s passcode.
The attack, brought to our attention by PC World, will be worrying to those who utilize a passcode lock to protect their iPhone devices, especially if a phone is stolen, as it can reveal passwords for corporate networks and other sensitive data.
The attack requires possession of the iPhone and targets the handsets individual keychain, the iPhone’s password storage platform. Researchers, utilising existing exploits, are simply able to jailbreak the device, install an SSH server on the device that allows them to run queries and execute third-party software on the phone.
Once access to the phone has been established, researchers were then able to copy a script to the phone that would access the keychain on the device. In-built system functions are employed to open the keychain and then output all of the users passwords, removing the need to physically crack any of the devices protection methods.
Passwords revealed in the attack include Gmail and Exchange passwords, LDAP acounts, voicemail, VPN and Wi-Fi passwords and even some application passwords.
Fraunhofer SIT created a video to demonstrate the attack:
The researchers at Fraunhofer SIT warn owners of a lost or stolen iPhone to instantly change their password:
“Owner’s of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords. Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts.”
A paper with full details of the attack’s results can be accessed here – you might hold on to your iPhone that little bit tighter after reading it.