Research being carried out at the Fraunhofer Institute for Secure Information Technology in Germany has revealed an iPhone password can be recovered in just 6 minutes from a locked device. In other words, if you lose your iPhone, but it has a password lock, anyone can unlock it in just a few minutes without having to figure out the passcode.
The technique requires that the iPhone be jailbroken and an SSH server be installed on the phone, both of which can be done without the handset being unlocked. Keychain scripts can then be used to run system commands and display full details of the user’s account including the password to unlock the phone (as in the image above).
While the password for the device can be revealed, other passwords for the most part remain protected.
It is made clear in their study that using encryption on the iPhone is not a way around this problem as the encryption relies on the user’s secret information (revealed by this method) to gain access. The best advice at the moment is to change passwords as soon as a device is lost or stolen to limit the damage.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.