Skip to main content

iPhone security flaw puts keychain passwords at risk

McAfee released its McAfee’s Q4 Threat Report earlier this week, indicating a sharp rise in mobile-based malware attacks from 2009 to 2010 and forecasting more of the same for the coming year. Users of Apple products haven’t ever really needed to show much concern for security threats as the company’s computers are largely considered to be “virus safe” in many regards. The same is not true of the iPhone however, as a group of German researchers recently discovered.

It took the group of researchers at Fraunhofer Institute Secure Information Technology just six minutes to retrieve private information like stored passwords from the iPhone’s innards without ever cracking its master passcode. Apple products use a password management system called keychain which can be accessed directly in the device’s file system following a jailbreak, with no passcode required. The actual password retrieval process is somewhat complicated and heavy on the tech jargon, but it basically boils down to the fact that the keychain data is both separate from the device’s encrypted passcode and easier to access.

“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” the researchers said in a statement. “Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.”

If you really want to dive in and understand the finer details, the researchers published a paper detailing their findings and uploaded a video of the hack in action to YouTube:

While it’s true that this particular flaw isn’t a malware exploit, any discovered hole in the system could conceivably lead to such a danger. Options are available for remotely wiping all data to those who worry about losing their phone, but this is more the sort of issue that Apple is going to need to address directly, assuming of course that it can be addressed.

Editors' Recommendations

Adam Rosenberg
Former Digital Trends Contributor
Previously, Adam worked in the games press as a freelance writer and critic for a range of outlets, including Digital Trends…
I compared the cameras on 4 cheap Android phones, and the winner surprised me
The Google Pixel 8a, Nothing Phone 2, Samsung Galaxy A35, and the Samsung Galaxy A55's camera.

The Google Pixel 8a (from left), Nothing Phone 2, Samsung Galaxy A35, and Samsung Galaxy A55. Andy Boxall / Digital Trends

If you’ve set aside around $500 to spend on a new Android smartphone, and the camera is one of the features you expect to use the most, then which phone is best? The Pixel 8a will likely be on your list, but there are several other great phones available at a similar price.

Read more
5 iOS 18 features I can’t wait to use (and 1 that looks terrible)
The iOS 18 logo against a blue and pink background.

Apple lifted the curtain on all of its upcoming software updates during its Worldwide Developers Conference (WWDC) 2024 keynote, showcasing what we can expect in all of its next major software updates — including iOS 18.

Apple Intelligence, Apple's own brand of AI tools, will be a large part of all the new software updates, including iOS 18. However, due to hardware constraints and the power necessary for AI, not all iPhones that can run iOS 18 will be able to get Apple Intelligence.

Read more
iPadOS 18 release date: Here’s when your iPad will get the update
A person holding the Apple iPad Air (2024).

Apple has announced significant software updates for its major products, including the iPhone, iPad, Apple Watch, Apple Vision Pro, Apple TV, and Mac. Among these is iPadOS 18 for the iPad.

You might wonder when you can download the new update if you have an iPad. The update is technically available now, but some details must be considered. There are three different versions of iPadOS 18, and each will be released at various times this year. Let's dig in.
iPadOS 18 developer beta release date

Read more