Saturday 26 February 2011

German researchers crack iPhone security in 360 seconds

The researchers - from the Fraunhofer Institute of Secure Information Technology - used the interesting approach of jailbreaking the handset (i.e. removing the network lock) and tapping internal code elements within the iPhone's operating system.

The process is known as a keychain access script, say the researchers.

This method of bypassing the PIN lock system on the iPhone works, Infosecurity notes, because the cryptographic key on iOS-driven devices is based on program code stored in the ROM of the smartphone.

Put simply, this seems to have allowed the researchers to recreate the key from the jailbroken iPhone without requiring full access to the handset's user interface after entering the PIN.

This attack methodology is likely to cause consternation at Apple HQ, as it is an exploit that taps into the heart of the iPhone's ROM and its operating system. This makes a security patch a major recoding process.

Reporting on the researcher's claims, PC World notes that the crack gave the researchers access to the iPhone's Google Mail password - if it has been set-up as an MS Exchange account - WiFi passwords, voicemail, some app passwords and corporate VPN passwords.

"However passwords for web-based email, like Yahoo Mail, were not accessible", says the magazine's newswire.

In their published paper on the iPhone crack, the researchers say that the results show that a lost iOS device may endanger also the confidentiality of data that is not stored on the device, but which is accessible for an attacker via the revealed stored secrets.

"This is not specifically a problem only to iOS devices, as other smartphone operating systems may also have circumventable password protection mechanisms. However, iOS devices with device encryption may keep users in false believe that these devices have in general a strong password protection in place", says the paper.

"Owners of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords. Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts", adds the paper.

According to the researchers, enterprises should create efficient processes for lost device incidents to shorten the time during which their accounts may be vulnerable.

"Especially the change of group passwords like sometimes used for VPN and WiFi may require an additional effort but should be taken seriously."


View the original article here

No comments:

Post a Comment