iPhone security flaw puts keychain passwords at risk

By Adam Rosenberg February 10, 2011

McAfee released its McAfee’s Q4 Threat Report earlier this week, indicating a sharp rise in mobile-based malware attacks from 2009 to 2010 and forecasting more of the same for the coming year. Users of Apple products haven’t ever really needed to show much concern for security threats as the company’s computers are largely considered to be “virus safe” in many regards. The same is not true of the iPhone however, as a group of German researchers recently discovered.

It took the group of researchers at Fraunhofer Institute Secure Information Technology just six minutes to retrieve private information like stored passwords from the iPhone’s innards without ever cracking its master passcode. Apple products use a password management system called keychain which can be accessed directly in the device’s file system following a jailbreak, with no passcode required. The actual password retrieval process is somewhat complicated and heavy on the tech jargon, but it basically boils down to the fact that the keychain data is both separate from the device’s encrypted passcode and easier to access.

“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” the researchers said in a statement. “Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.”

If you really want to dive in and understand the finer details, the researchers published a paper detailing their findings and uploaded a video of the hack in action to YouTube:

While it’s true that this particular flaw isn’t a malware exploit, any discovered hole in the system could conceivably lead to such a danger. Options are available for remotely wiping all data to those who worry about losing their phone, but this is more the sort of issue that Apple is going to need to address directly, assuming of course that it can be addressed.

Editors' Recommendations

Topics

Former Digital Trends Contributor

Previously, Adam worked in the games press as a freelance writer and critic for a range of outlets, including Digital Trends…

Mobile

3 reasons why I’ll actually use Anker’s new iPhone power bank

A person holding the Anker MagGo Power Bank.

Power banks are a necessary evil, and even if you don’t consider yourself a “power user” who's likely to drain a phone’s battery in less than a day, there will be times when one comes in handy. And when I am forced to carry one, I want it to be as helpful and versatile as possible.

I’ve been trying Anker’s MagGo Power Bank 10K -- meaning it has a 10,000mAh cell inside it -- and there are three reasons why I'm OK with it taking up valuable space in my bag.
It has a screen on it

Mobile

Here’s how Apple could change your iPhone forever

An iPhone 15 Pro Max laying on its back, showing its home screen.

Over the past few months, Apple has released a steady stream of research papers detailing its work with generative AI. So far, Apple has been tight-lipped about what exactly is cooking in its research labs, while rumors circulate that Apple is in talks with Google to license its Gemini AI for iPhones.

But there have been a couple of teasers of what we can expect. In February, an Apple research paper detailed an open-source model called MLLM-Guided Image Editing (MGIE) that is capable of media editing using natural language instructions from users. Now, another research paper on Ferret UI has sent the AI community into a frenzy.

Mobile

This iPad just got a rare discount — save $100 at Best Buy

Call of Duty: Mobile on the iPad (2022).

The standard Apple 10.9-inch iPad rarely sees a deep discount but that’s the case over at Best Buy at the moment. Normally priced at $449, you can buy one for just $349 for a limited time. A hefty saving of $100, this is one of the better iPad deals at the moment and worth checking out if you want a new tablet or you’re keen to buy someone a great gift. Here’s what the Apple 10.9-inch iPad has to offer.

Why you should buy the Apple 10.9-inch iPad
The Apple 10.9-inch iPad is a pretty good tablet for anyone who wants something straightforward and useful. It has an attractive 10.9-inch Liquid Retina display with True Tone support so it looks great with whatever you’re doing, whether you’re browsing the internet, watching videos, or playing a game. It’s powered by the A14 Bionic chip with a 6-core CPU and 4-core GPU which is why the Apple 10.9-inch iPad easily joins the best iPads list for anyone seeking a great mid-range example. It’s easily capable of playing many games through Apple Arcade as well as being snappy when it comes to looking up YouTube videos and similar.