Researchers Get Access To Passwords Stored In Locked iPhone In 6 Minutes

^_^
^_^ Posts: 4,429
via Wordpress in iPhoneHacks.com
imageResearchers Get Access To Passwords Stored In Locked iPhone In 6 Minutes

PC World is reporting that some security researchers in Germany have managed to get access to passwords stored in a locked iPhone by bypassing iPhone’s passcode lock.

The researchers have apparently used existing exploits that allows a hacker to access an iPhone’s file system even if it is locked.

IDG reports:

Read the full story here

Comments

  • John
    John Posts: 790
    via Wordpress
    If an iphone is lost or stolen, don't bet on it being returned by the finder. Remote wipe. That's what it's there for.
  • Pal
    Pal Posts: 33
    via Wordpress
    Does this work on phones where user changed root password?
  • Andrew
    Andrew Posts: 168
    via Wordpress
    Thats pretty crazy **** if i must say
  • MK
    MK Posts: 64
    via Wordpress
    How about u jailbreak your phone and then setup a password
  • Dustin
    Dustin Posts: 116
    via Wordpress
    Well, Technically i think if you changed your password, they shouldnt be able to gain access, but im sure there is a workaround to that (Brute force password cracker). Whatever happened to the ASLR patch i had heard someone was working on? Whouldnt this have prevented them from getting the password due to the files and such being in random locations and making it harder to find? I see they used a script, im sure they had to know filename and locataions, and decrypt them.
  • Dustin
    Dustin Posts: 116
    via Wordpress
    Antid0te was the name of it...
  • BeerDone
    BeerDone Posts: 15
    via Wordpress
    Looks like Apple now got something to back up their jailbreak hatred - read the first two steps.
  • fas
    fas Posts: 2,297
    via Wordpress
    Its sad that Apple security is going for a toss. This might delay 4.3.
  • John
    John Posts: 790
    via Wordpress
    It's not sad and has no bearing on 4.3. ALL devices can be broken into within minutes. Password security isn't as secure as companies lead you to think. This is nothing new. If you lose your phone, it's best to remote wipe it. I wouldn't bet on it being returned to you. Finders keepers.
  • AM
    AM Posts: 0
    via Wordpress
    I sent an email to the two guys who came up with this hack at the Fraunhofer Institute in Germany. I asked if changing the root password could protect a phone against this hack.Jens Heider (one of the two "hackers") responded:"Hi - no, the knowledge of the root password is not needed to perform the attack. In step 1 we set our own account."So, there you have it. Even if you have changed the root password, you are just as open for this attack.
  • brian
    brian Posts: 218
    via Wordpress
    That's what I'm trying to find out too. I didn't see the exploit logging in to root but maybe I missed it.
  • stan69b
    stan69b Posts: 50
    via Wordpress
    Can we count on a tutorial for this ? wich version of redsn0w is he using ? and how does he install the ssh server on the iphone ? anyway it is an interesting hack , keep up the good work
  • Dino
    Dino Posts: 16
    via Wordpress
    Remote wipe does not guarantee the security of you IDevice. If you can get access to the file system via a script then you can use data recovery software and search for the deleted data. Jonathan Zdziarski showed in one of his forensics articles how to recover deleted data. The only way to fix this is to add a new security layer that protects the kernel.
  • John
    John Posts: 790
    via Wordpress
    A new security layer will just get hacked. This isn't unique to the iphone. EVERY device is VERY easy to break into with physical access to it.The only way to fix this is to keep your phone safe and don't lose it. Especially if you're the type who's paranoid about your data and people using methods to recover wiped data.
  • Tony
    Tony Posts: 145
    via Wordpress
    The remote wipe should use a shredding/bleaching process... if it doesn't it is completely useless an anything can be un-deleted until it is written over... if it is completely written over in two passes it is permanently gone, at least with any technology conceivable within the next 20 years.
  • Dino
    Dino Posts: 16
    via Wordpress
    A new security layer will keep the sensitive information in a sandbox if you like. The isolation will make sure that anyone who isn’t supposed to have access doesn’t. The solution is simple: only the root account can access the information and only from within the OS; this means that the device needs to be booted up. The security layer will also deny impersonation of root rights for this operation. So even if the root password is known (alpine) you cannot script any operation. Please don’t curse me for what I am about to say, but Microsoft’s Windows 7 has this kind of security build in. My point is that the security logic is not something top secret. What Apple needs to do is acknowledge that their OS is not bullet proof and they need to improve the security.
  • John
    John Posts: 790
    via Wordpress
    I could point you to a few simple linux tools that will break windows 7 security in less than 5 mins. The whole point is, physical access. Nothing's safe if someone has physical access to it. The best security is ourselves.