- About Future
- Digital Future
- Cookies Policy
- Terms & Conditions
- Investor Relations
- Contact Future
Researchers at the Fraunhofer Institute Secure Information Technology in Germany have shown that an iPhone or iPad can be hacked to reveal passwords stored in Apple's keychain password manager. This can be accomplished even if the device is locked with a passcode. The attack requires no special circumstances, just an iPhone, jailbreaking software, and the code developed by the researchers.
After jailbreaking the iPhone, the security gurus at the Fraunhofer Institute installed an SSH server on the phone. Then, while the device is still locked, a keychain access script is fed into the phone. The device then happily spits out to Gmail accounts, Wi-Fi networks, Exchange accounts, voicemail, and some app passwords. This is possible because Apple encrypts many passwords using keys in the device, and this is not connected with the overall device lock.
If a corporate iOS device goes missing, it could be a treasure trove of data. The researchers offer some prudent advice saying, "Owner's of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords." Do you think the risk is real, or have the researchers left something out?