Skip to main content
  1. Home
  2. Mobile

iPhone security flaw puts keychain passwords at risk

Adam Rosenberg
By

McAfee released its McAfee’s Q4 Threat Report earlier this week, indicating a sharp rise in mobile-based malware attacks from 2009 to 2010 and forecasting more of the same for the coming year. Users of Apple products haven’t ever really needed to show much concern for security threats as the company’s computers are largely considered to be “virus safe” in many regards. The same is not true of the iPhone however, as a group of German researchers recently discovered.

It took the group of researchers at Fraunhofer Institute Secure Information Technology just six minutes to retrieve private information like stored passwords from the iPhone’s innards without ever cracking its master passcode. Apple products use a password management system called keychain which can be accessed directly in the device’s file system following a jailbreak, with no passcode required. The actual password retrieval process is somewhat complicated and heavy on the tech jargon, but it basically boils down to the fact that the keychain data is both separate from the device’s encrypted passcode and easier to access.

Recommended Videos

“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” the researchers said in a statement. “Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.”

Related

If you really want to dive in and understand the finer details, the researchers published a paper detailing their findings and uploaded a video of the hack in action to YouTube:

While it’s true that this particular flaw isn’t a malware exploit, any discovered hole in the system could conceivably lead to such a danger. Options are available for remotely wiping all data to those who worry about losing their phone, but this is more the sort of issue that Apple is going to need to address directly, assuming of course that it can be addressed.

Editors' Recommendations

Topics
Adam Rosenberg
Adam Rosenberg
Former Digital Trends Contributor
Previously, Adam worked in the games press as a freelance writer and critic for a range of outlets, including Digital Trends…
AirTags range: here’s how far the tracker can reach
An AirTag attached on a keyring

Apple AirTags are a helpful tool for tracking valuable possessions like wallets, keys, luggage, and backpacks. These tags employ various technologies that allow you to track your items from short and long distances using your compatible Apple device, such as an iPhone 15 Plus. You might wonder how far you can track your items with AirTags. It's time to find out.
AirTags range, explained

The range of AirTags varies depending on the method you use to locate them. A Bluetooth connection will work when your AirTags are close to your supported Apple device. Otherwise, Apple's Find My network is utilized. Luckily, you don't have to choose the method because it's selected behind the scenes automatically.

Read more
Best Verizon new customer deals: Galaxy S24, iPhone and more
Verizon logo on a smartphone screen in a dark room and a finger touching it.

If you’re in the market for one of the best phones, or any new phone for that matter, you’re going to need a good carrier. Verizon has long been one of the most popular options, as it boasts one of the most reliable networks in the United States. It offers some of the best cell phone plans out there, and for new customers Verizon also offers some pretty impressive discounts on new phones. In many cases this means you can brand new, recently released phones entirely for free when signing up with Verizon. And that’s the case right now, as we’re currently seeing some of the best Verizon new customer deals we’ve seen. You can pretty easily land a new iPhone, Samsung Galaxy phone, and Google Pixel for free, and we’ve got all of the details on how to do so. If that sounds enticing, read onward and start shopping the best Verizon new customer deals available right now.
Free iPhone SE (3rd Gen)

The 2022 release of the Apple iPhone SE is yours for free when you sign up for a new 5G data plan on Verizon -- no trade-ins required. It's the best small smartphone in our list of the best smartphones with a 4.7-inch Liquid Retina display, but it doesn't sacrifice performance as it's powered by Apple's A15 Bionic chip that's also found in the iPhone 13 line and pre-installed with iOS 15. The latest iPhone SE is equipped with a single 12MP rear sensor and 7MP selfie camera, which are boosted by Apple's software to enable better photographs.

Read more
We finally know when Apple will announce its 2024 iPads
Official artwork for Apple event in May 2024.

(more…)

Read more