Researchers in Germany have found an exploit that will reveal passwords that are stored on your iPhone. What’s even more worrying is that it took under 6 minutes and didn’t require a passcode to unlock the iPhone.
According to Martyn Williams (PC World), the vulnerability is based on existing exploits within the iOS system. “The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.”
Examples of passwords that could be revealed include your email accounts, voicemail, WiFi passwords, and potentially some application based passwords such as Twitter & Facebook.
The below video demonstrates the attack in action:
This is a major scare for those of us that access sensitive data from our iPhone – which in reality is probably the vast majority of us.
If you lose your iPhone, make sure to change all of your passwords, especially your email passwords, to avoid this exploit from doing serious harm beyond your lost iPhone.