Skip to main content

iPhone security flaw puts keychain passwords at risk

McAfee released its McAfee’s Q4 Threat Report earlier this week, indicating a sharp rise in mobile-based malware attacks from 2009 to 2010 and forecasting more of the same for the coming year. Users of Apple products haven’t ever really needed to show much concern for security threats as the company’s computers are largely considered to be “virus safe” in many regards. The same is not true of the iPhone however, as a group of German researchers recently discovered.

It took the group of researchers at Fraunhofer Institute Secure Information Technology just six minutes to retrieve private information like stored passwords from the iPhone’s innards without ever cracking its master passcode. Apple products use a password management system called keychain which can be accessed directly in the device’s file system following a jailbreak, with no passcode required. The actual password retrieval process is somewhat complicated and heavy on the tech jargon, but it basically boils down to the fact that the keychain data is both separate from the device’s encrypted passcode and easier to access.

“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” the researchers said in a statement. “Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.”

If you really want to dive in and understand the finer details, the researchers published a paper detailing their findings and uploaded a video of the hack in action to YouTube:

While it’s true that this particular flaw isn’t a malware exploit, any discovered hole in the system could conceivably lead to such a danger. Options are available for remotely wiping all data to those who worry about losing their phone, but this is more the sort of issue that Apple is going to need to address directly, assuming of course that it can be addressed.

Editors' Recommendations

Adam Rosenberg
Former Digital Trends Contributor
Previously, Adam worked in the games press as a freelance writer and critic for a range of outlets, including Digital Trends…
The most common iPhone 15 problems and how to solve them
The iPhone 5 and iPhone 15 Pro Max volume buttons.

Apple iPhone 15 Plus (left) and Apple iPhone 15 Pro Max Andy Boxall / Digital Trends

You rely on your iPhone 15 for everything. That includes music, movie, and TV show streaming, banking, smart home controls, calendars, reminders, and timers — which is only scratching the surface. Apple’s iOS namesake is faster, more durable, and packed with plenty of power, but that doesn’t mean it can’t run into trouble now and then. Not to worry though: for when a smartphone presents an issue, there’s usually a way to fix it. 

Read more
How to reverse image search on Android or iPhone

A reverse image search is a handy way to figure out the origin of an image, locate similar images, or fact check an image. There are a multitude of ways to perform a reverse image search on your mobile device, whether you're using an Android phone or an iPhone.

For example, here's how to do a reverse image search via Google lens on Android:

Read more
iOS 18 could add a customization feature I’ve waited years for
iOS 17 interactive widgets on an iPhone 15 Pro Max.

iOS 18 is coming later this year, and all signs point to it being a dramatic iPhone update. Now, thanks to one new report, it looks like iOS 18 could add a customization feature I've been waiting years and years and years for: better home screen customization.

According to Bloomberg's Mark Gurman, iOS 18 will introduce a "more customizable" home screen. More specifically, iOS 18 will allow you to place app icons and widgets anywhere you want. If you want a space or break between an app icon or your widget, welcome to the future: iOS 18 may finally let you do that. MacRumors corroborated this report with its own sources, too.

Read more