Ach du lieber. German researchers recently revealed that they’ve been able to hack a locked iPhone and retrieve stored passwords in only six minutes – without cracking the mobile handset’s hidden passcode.
Exploiting vulnerabilities in Apple’s keychain password storage system, experts at the Fraunhofer Institute for Secure Information Technology in Darmstadt demonstrated on video how to circumvent the device’s built-in protections. Stealing sensitive info requires mischief makers to physically possess the phone, though, and to jailbreak the handset (bypass Apple’s built-in software safeguards).
While website passwords weren’t vulnerable to the researchers’ attacks, some email, voicemail, WiFi, corporate network and app passwords were, presenting potentially fatal security threats, as detailed in a published report.
“Owners of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords,” the researchers stated in their findings. “Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts.”