iPhone Security

iPhone Jailbreak Exploit Reveals Passwords Within Minutes

Posted in iPhone on 10/02/2011 by Cormac Moylan


Researchers in Germany have found an exploit that will reveal passwords that are stored on your iPhone. What’s even more worrying is that it took under 6 minutes and didn’t require a passcode to unlock the iPhone.

According to Martyn Williams (PC World), the vulnerability is based on existing exploits within the iOS system. “The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.”

Examples of passwords that could be revealed include your email accounts, voicemail, WiFi passwords, and potentially some application-based passwords such as Twitter & Facebook.

The video below demonstrates the attack in action:

This is a major scare for those of us that access sensitive data from our iPhone – which in reality is probably the vast majority of us.

If you lose your iPhone, make sure to change all of your passwords, especially your email passwords, so that this exploit cannot do serious harm beyond the loss of the phone itself.


    So this can only happen to those with jailbroken iPhones?

  • Mike

    From slashdot:

    "In iOS >4 with a modern device (3GS or better, iPad included) this article is blatantly incorrect.

    "The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said." Not true. In iOS4 they use a variant of PBKDF2 to generate an encryption key that is used along with the device key alluded to in this article to decrypt "class keys". The class keys are then used to access data at the various protection levels (Never, After First Unlock, Only When Unlocked). Each of those levels of data has a separate key. Those keys are required to decrypt the individual keys on each file. Each file has an encryption key set on it in the metadata (which means you do have to reformat your system and set a reasonable passcode).

    Because of the PBKDF2 variant brute forcing is infeasible. Because of the device key you have to try this IN the device and are limited to Apple's hardware for forcing.

    All of this is possible because Apple has an AES-256 hardware chip that blazes through crypto for that algorithm.

    Remote wipe uses yet another key (the file system key). So each file encryption key requires a "Class key" and a "file system key" to be decrypted. Lose either one and the file system is history. So remote wipe is accommodated in newer versions of iOS by just forgetting the file system key.

    In short, this article is not providing an accurate portrayal of "current/latest" devices. Though I am not sure how many people: Have the newer hardware, have iOS 4 AND have reformatted their filesystem to accommodate the required metadata."
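To make the key hierarchy in Mike's quoted Slashdot comment concrete, here is a toy model in Python. It is an added illustration, not code from this post, from the commenter, or from Apple. It assumes a constructed per-device secret (`DEVICE_UID`) standing in for the device key, uses an HMAC-SHA256 keystream with an integrity tag in place of the AES-256 hardware engine the comment mentions (so it runs on the standard library alone), lowers the PBKDF2 iteration count for speed, and assumes that the "Never" class key is wrapped under the device key alone while the passcode-dependent classes are wrapped under the PBKDF2-derived passcode key. The structure is the point: a file key needs both its class key and the file-system key, passcode-dependent classes stay sealed without the passcode, and remote wipe works by forgetting the file-system key.

```python
"""Toy model of the iOS 4 data-protection key hierarchy described above:
passcode key + device key -> class keys -> per-file keys, plus a separate
file-system key that remote wipe erases. Constructed example, not Apple's code;
an HMAC-SHA256 keystream with a tag stands in for AES key wrapping."""
import hashlib
import hmac
import os

# Assumption: a per-device secret that never leaves the device (constructed value).
DEVICE_UID = hashlib.sha256(b"constructed-device-uid-for-demo").digest()
PBKDF2_ITERATIONS = 10_000  # kept low for the demo; real counts are calibrated per device

PASSCODE_CLASSES = ("after_first_unlock", "only_when_unlocked")
ALL_CLASSES = ("never",) + PASSCODE_CLASSES


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the AES engine)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def wrap(kek: bytes, payload: bytes) -> bytes:
    """Authenticated wrap of payload under kek: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(kek, nonce, payload)
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Inverse of wrap; raises ValueError when kek is wrong (tag mismatch)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key: cannot unwrap")
    return _xor_stream(kek, nonce, ct)


def passcode_key(passcode: str) -> bytes:
    """PBKDF2 over the passcode, then tangled with the device key: guessing
    must run on the device itself, which is the comment's brute-force point."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), DEVICE_UID, PBKDF2_ITERATIONS)
    return hmac.new(DEVICE_UID, stretched, hashlib.sha256).digest()


def file_kek(class_key: bytes, fs_key: bytes) -> bytes:
    """A file key unwraps only with both its class key and the file-system key."""
    return hmac.new(fs_key, class_key, hashlib.sha256).digest()


class Device:
    def __init__(self, passcode: str, files: dict):
        """files maps name -> (protection class, plaintext bytes)."""
        self.fs_key = os.urandom(32)   # erased by remote_wipe()
        self.unlocked = {}             # class -> class key, filled by unlock()
        pk = passcode_key(passcode)
        class_keys = {c: os.urandom(32) for c in ALL_CLASSES}
        # Model assumption: "never" is wrapped under the device key alone,
        # the other classes under the passcode-derived key.
        self.wrapped_class_keys = {
            c: wrap(DEVICE_UID if c == "never" else pk, k) for c, k in class_keys.items()
        }
        self.files = {}
        for name, (cls, data) in files.items():
            file_key = os.urandom(32)
            wrapped_fk = wrap(file_kek(class_keys[cls], self.fs_key), file_key)
            self.files[name] = (cls, wrapped_fk, wrap(file_key, data))
        # plaintext class keys are not retained; unlock() recovers them

    def unlock(self, passcode: str) -> None:
        pk = passcode_key(passcode)
        for c in PASSCODE_CLASSES:
            self.unlocked[c] = unwrap(pk, self.wrapped_class_keys[c])  # raises on wrong passcode

    def lock(self) -> None:
        """Locking the screen drops only the 'only when unlocked' class key."""
        self.unlocked.pop("only_when_unlocked", None)

    def remote_wipe(self) -> None:
        """Forget the file-system key; every file key is now unrecoverable."""
        self.fs_key = None
        self.unlocked.clear()

    def read_file(self, name: str) -> bytes:
        cls, wrapped_fk, blob = self.files[name]
        if self.fs_key is None:
            raise ValueError("file-system key erased by remote wipe")
        if cls == "never":
            class_key = unwrap(DEVICE_UID, self.wrapped_class_keys["never"])
        elif cls in self.unlocked:
            class_key = self.unlocked[cls]
        else:
            raise ValueError(f"class {cls!r} requires the passcode")
        file_key = unwrap(file_kek(class_key, self.fs_key), wrapped_fk)
        return unwrap(file_key, blob)


if __name__ == "__main__":
    dev = Device("1234", {"wifi.plist": ("never", b"psk: constructed sample"),
                          "mail.db": ("only_when_unlocked", b"imap pw: constructed sample")})
    print(dev.read_file("wifi.plist"))   # readable with the device key alone
    dev.unlock("1234")
    print(dev.read_file("mail.db"))      # readable only once the passcode is known
    dev.remote_wipe()                    # after this, read_file() fails for every file
```

Run it as a script and compare the two reads: data in the class that depends only on the device key comes back without any passcode, which is the situation the article describes, while data in a passcode-dependent class stays sealed until `unlock()` succeeds, and a wrong passcode is rejected by the tag check rather than yielding garbage. After `remote_wipe()` the file-system key is gone and no file key can be rebuilt, which is the comment's explanation of how wipe works in newer iOS versions.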

  • No, they jailbreak your phone to get the info

  • Faizsaleem118

    Or remote wipe.



Cormac Moylan

Cormac is the head honcho behind MacTrast. Based in Cork, Ireland, his first foray into the Apple world was way back in 2006 when he purchased an iMac followed by a Macbook around 4 weeks later. He currently owns a Macbook Pro, iMac, Mac Mini, iPhone 4, iPod Touch, and Apple TV. But he prefers to buy watches. Go figure!