Researchers Crack iOS Hotspot Passwords Within 50 Seconds

Researchers Crack iOS Hotspot Passwords Within 50 Seconds

Posted by · 13857 views
Researchers at the University of Erlangen in Germany have found a way to crack any iOS hotspot with an OS-generated password in 50 seconds, reports ZDNet.

When establishing a hotspot on your iPhone, Apple initially sets a seemingly random password to secure it. You can change this password; however, many users just use the provided one. It appears that may be a bad idea.

Three researchers from the German university found that these passwords are generated using a short dictionary word followed by a series of random numbers. In their paper, 'Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots (PDF)', they reveal that an attacker can easily determine what passwords iOS uses for its defaults, because there is a limited list of words that are used to generate the password.

"This list consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password," the researchers wrote.

Even worse, the analysts found that only a few of those 52,500 were being used.

"Only 1,842 different entries of that dictionary are taken into consideration. Consequently, any default password used within an arbitrary iOS mobile hotspot is based on one of these 1,842 different words."

With this information and a cluster of four AMD Radeon HD 7970s, the researchers were able to crack any iOS hotspot with an OS-generated password within 50 seconds.

They note that "system-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters."

Read More [via Adam]

Researchers Crack iOS Hotspot Passwords Within 50 Seconds
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
You must login or register to add a comment...
to all the Turd Polishers
to all the Turd Polishers - June 20, 2013 at 1:11am
@me Android doesn't get jailbroken... its called Rooting the phone. And no Android phone from Samsung comes Rooted already. That requires software. So please tell the truth. However, beyond that, iOS7 really looks to be following Googles lead now, regarding software features. I dont see Apple really offering much differences or huge improvements or features unheard of that Android can not do or hasnt thought of yet. Apple seems to only doing catch up now. And the iOS7 interface is not change enough to wow or woo. All features are welcoming additions, and needed. The candy is the wallpaper parallax view and translucent layers. Changing your wallpaper and seeing your coloured photo behind white screen back layer is the lamest customization possible. Apple has a lot of work to do still. It was not a good presentation.
WaterFalls2013 - June 20, 2013 at 1:03am
First, the random password Apple provides is much more cryptic then the example here. Secondly, most people do not have iOS7 yet so how is it possible to claim that most people are using the automatic apple random generation. Thirdly, iOS7 is still in beta, who is to say the random generation code idea is completed.
me - June 19, 2013 at 5:16pm
Oh No! another update coming out now! Does Apple read about the open Jailbreak that most of us want in the IOS? I am getting tired waiting for a new jailbreak every year. I have a Galaxy S4 you dont need to jailbreak this thing to customize your keyboward or change your Fonts. Which is cool Is Apple going to be like Android just let us be free.
Yo - June 19, 2013 at 10:23pm
WTH you doing here man, gtfo and play with your samsuck 4.
xol - June 20, 2013 at 4:46am
lol, you sound kinda mad breh.. its ok , in about 20 years itrash might have a couple things for you iSheeps to play with.