Skip to main content
  1. Home
  2. Mobile

iPhone security flaw puts keychain passwords at risk

Adam Rosenberg
By

McAfee released its McAfee’s Q4 Threat Report earlier this week, indicating a sharp rise in mobile-based malware attacks from 2009 to 2010 and forecasting more of the same for the coming year. Users of Apple products haven’t ever really needed to show much concern for security threats as the company’s computers are largely considered to be “virus safe” in many regards. The same is not true of the iPhone however, as a group of German researchers recently discovered.

It took the group of researchers at Fraunhofer Institute Secure Information Technology just six minutes to retrieve private information like stored passwords from the iPhone’s innards without ever cracking its master passcode. Apple products use a password management system called keychain which can be accessed directly in the device’s file system following a jailbreak, with no passcode required. The actual password retrieval process is somewhat complicated and heavy on the tech jargon, but it basically boils down to the fact that the keychain data is both separate from the device’s encrypted passcode and easier to access.

“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” the researchers said in a statement. “Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.”

If you really want to dive in and understand the finer details, the researchers published a paper detailing their findings and uploaded a video of the hack in action to YouTube:

While it’s true that this particular flaw isn’t a malware exploit, any discovered hole in the system could conceivably lead to such a danger. Options are available for remotely wiping all data to those who worry about losing their phone, but this is more the sort of issue that Apple is going to need to address directly, assuming of course that it can be addressed.

Editors' Recommendations

Topics
Video-editing app LumaFusion to get a Galaxy Tab S8 launch
A tablet featuring the LumaFusion video editing app.
Samsung Galaxy S23 vs. iPhone 14: Apple’s grip is starting to slip
Samsung Galaxy S23 and iPhone 14.
I love (and hate) this stunning iPhone 15 Ultra concept
A concept of an iPhone 15 Ultra by Jonas Daehnert on Twitter
Google Pixel Watch is back down to its Black Friday price
The Google Pixel Watch's Big Time watch face.
Apple hints at cunning plan to make you spend even more on an iPhone
The iPhone 14 Pro Max standing against a tree outside.
The best phones in 2023: which smartphone should you buy?
iPhone 13 Pro screen.
You shouldn’t buy the Galaxy S23 Ultra โ€” and that’s the best thing about it
Two Samsung Galaxy S23 Ultra phones. One is face-up with the display turned on, the other shows its backside.
Netflix for books: Get 2 months of Kindle Unlimited for free
Kindle Unlimited service
The best Android phones in 2023: top 10 best ones you can buy
The S22 Ultra in nature.
We have the Vivo X90 Pro, one of 2023’s most interesting Android phones
The Vivo X90 Pro held in a person's hand.
Forget the Steam Deck โ€” this modded Android phone is a gamer’s dream
Modified Surface Duo 2 gaming rig
This Galaxy S23 Ultra case gives Samsung users a huge iPhone 14 feature
A person holding the Samsung Galaxy S23 Ultra.
LastPass vs. 1Password: should you switch?
florida court phone passwords android lock screen password