iPhone security flaw puts keychain passwords at risk

By Adam Rosenberg February 10, 2011

McAfee released its McAfee’s Q4 Threat Report earlier this week, indicating a sharp rise in mobile-based malware attacks from 2009 to 2010 and forecasting more of the same for the coming year. Users of Apple products haven’t ever really needed to show much concern for security threats as the company’s computers are largely considered to be “virus safe” in many regards. The same is not true of the iPhone however, as a group of German researchers recently discovered.

It took the group of researchers at Fraunhofer Institute Secure Information Technology just six minutes to retrieve private information like stored passwords from the iPhone’s innards without ever cracking its master passcode. Apple products use a password management system called keychain which can be accessed directly in the device’s file system following a jailbreak, with no passcode required. The actual password retrieval process is somewhat complicated and heavy on the tech jargon, but it basically boils down to the fact that the keychain data is both separate from the device’s encrypted passcode and easier to access.

“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” the researchers said in a statement. “Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.”

If you really want to dive in and understand the finer details, the researchers published a paper detailing their findings and uploaded a video of the hack in action to YouTube:

While it’s true that this particular flaw isn’t a malware exploit, any discovered hole in the system could conceivably lead to such a danger. Options are available for remotely wiping all data to those who worry about losing their phone, but this is more the sort of issue that Apple is going to need to address directly, assuming of course that it can be addressed.

Editors' Recommendations

Topics

Former Digital Trends Contributor

Previously, Adam worked in the games press as a freelance writer and critic for a range of outlets, including Digital Trends…

Computing

Best Apple deals: Save on AirPods, Apple Watch, iPad, MacBook

Apple MacBook Air M1 open, on a table.

Apple has been a big player in the tech space for a long time, and it has pioneered some of the technology we use today, such as best wireless earbuds and the best smartwatches. If that wasn't enough, it even makes some of the best best laptops and best tablets on the market, so pretty much whatever tech you're looking for, Apple has an excellent version of it. Not only that, but Apple's ecosystem is also easily one of the best available, with only Samsung really competing in that space, and if you're already in the Apple ecosystem, then it makes sense to continue buying stuff from Apple.

Of course, Apple tech can be quite pricey, which is why we've gone out and searched through various big retailers to find you some of the best deals we can find. That includes everything from the MacBook to the AirTag, so hopefully, you can find the perfect deal that fits your needs and budget.
Apple AirTag (4-Pack) -- $80, was $99

Mobile

I can’t wait for Nothing to launch this stunning phone

Nothing Community Edition Project winner.

Say what you will about Nothing, but this brand certainly has a taste for flashy design. After all, how many phones out there light up and sync to the beat of music? But the company's latest smartphone endeavor could just be its best yet.

In March, Nothing introduced its Community Edition Project. The goal was to take ideas from its fans for hardware design, with the Nothing Phone 2a serving as the foundation. The company also has similar plans for wallpaper, packaging, and marketing shenanigans. Today, Nothing announced its winning entry for the phone design, and it’s a stunner.

Mobile

How to find your phone number on iPhone or Android

Rebtel Calling

If you're here, you've likely just had this experience; needing to enter your digits for an account of some sort, you realize you don't remember your own phone number. As you don’t call your own phone number very often, this isn't an extremely uncommon scenario. And it gets even worse if you frequently use a second phone number alongside your main one. It's still embarrassing enough, however, to not want to ask your partner or buddy, "Hey, what's my phone number?"

Luckily, the ability to locate phone number data comes directly on your phone, so checking your friend's address book won't be necessary. Whether you’re using an iOS or Android device, you can quickly locate your own number — as well as your IMEI number — on your phone if you know where to look. Just grab your phone, find the appropriate section below, and we'll show you how to do it.
How to find your phone number on iPhone