Passwords stored on a locked iPhone retrieved for six minutes using off-the-shelf exploits
Share:
Then the researchers copied a Keychain (Apple's password management system) access script, and executed it to ultimately spill out the account passwords which are stored there. It was possible, because the cryptographic key is based on code you can find in the iOS device itself, and is not tied up to the passcode.
Thus the guys from the Fraunhofer Institute managed to retrieve the Gmail, Wi-Fi and some apps passwords, as well as the MS Exchange pass and the corporate VPN access code. The last two are particularly troubling, considering Apple is fighting hard to spearhead iOS devices adoption in the enterprise, even poaching talent from RIM.
To add insult to injury, it took the researchers a whole of six minutes with physical access to the phone to retrieve all of the above info. They even recorded it on video, so if someone didn't know before how to do it, now they can.
source: PCWorld
Share:
New Verizon iPhone 4 customer? Here's a list of apps you should definitely 
HTC HD7 released for Bell Mobility today 
-
Nokia Lumia 925 hands-on
-
LG Optimus F3 pictured, detailed for Sprint
-
Alleged Samsung Galaxy S4 Active photos show rugged yet slim chassis
-
Make your Samsung Galaxy S4 sound better with Adapt Sound
-
Yahoo's board agrees to $1.1 billion acquisition of Tumblr
-
Parting images and wrap-up from the last day of Google I/O
6 Comments
1. xxA4Hxx (unregistered) posted on 10 Feb 2011, 07:48 3 1
This concerns me, might just force me to get an atrix next.
2. Bada Bing (unregistered) posted on 10 Feb 2011, 08:06 0 0
It is much easier to get access to all mail passwords in a bada phone. Passwords are saved as plain text. You just need an micro-usb cable, sTune and about 30 seconds of time...
3. Freshy KHan (unregistered) posted on 10 Feb 2011, 09:28 0 0
So did these iphones have their memories completely erased prior to using the phones or was it just some return that a user neglected to clear?
Thats a whole different story, then.
4. protozeloz posted on 10 Feb 2011, 09:38 0 0
don't know..... could even be a stolen phone for all what matters
5. protozeloz posted on 10 Feb 2011, 09:42 0 1
I think they kinda went too far for posting this stuff on the net to prove their point, unless the tools are inaccessible then its an invitation to exploitation... but at least apple may work on this
6. kanon posted on 10 Feb 2011, 14:29 3 0
LOL Suck it all the people that were saying they were going to go to apple because of the McCafee post lol suck it so hard
-
1.
What makes the Full HD IPS display on the LG Optimus G Pro better than AMOLED
-
2.
The forbidden fruit: here are 7 great Android apps that Google does not allow on Play store
-
3.
All from Google I/O 2013
-
4.
Samsung officials confirm 5.9-inch Note III will come at IFA in September, Galaxy S4 to hit 10 million sales next week
