RESEARCHERS have exploited a security flaw in Apple's mobile devices, taking just six minutes to steal passwords from the iPhone and iPad. Experts at Germany's Fraunhofer SIT have found that passwords are not secure, even if the mobile device has an encryption.
The institute also warned that businesses which use iPhones and iPads are being put at serious risk of security breaches.
"Within six minutes the institute’s staff was able to render the iPhone’s encryption void and decipher many passwords stored on it," Fraunhofer SIT stated.
"The flawed security design affects all iPhone and iPad devices containing the latest firmware."
For someone to hack the device, they need to have physical access to the iPhone or iPad. They can then link it to a computer, run a few basic software scripts, and locate the user's passwords and other sensitive information.
Fraunhofer's technical manger Jens Heider said many people believed the mobile device's encryption provided a sufficient safety net.
"This opinion we encountered even in companies’ security departments", Mr Heider said.
"Our demonstration proves that this is a false assumption. We were able to crack devices with high security settings within a very short time."
Experts were able to attack the passwords by exposing a flaw in Apple's password management system, known as the 'keychain'.
The testers did not need to break the 256 bit encryption to retrieve to the passwords stored in the device's keychain.
Rather, the encryption is independent to the personal password, which is designed to protect access to the iPhone or iPad.
Any device using the iOS operating system can be sabotaged in such a way, irrespective of the user’s password.
If your lost iPhone or iPad lands in the hands of a hacker, all they need to do is remove the SIM card and they can quickly extract your email passwords, banking information, medical records and corporate logins.
Researchers at Fraunhofer warn that control of an email account allows the hacker to acquire even more passwords for services such as Facebook and Twitter.
heraldsun.com.au 11 Feb 2011
One of the key objectives in the politics of globalisation is to have a database of all citizens in the hands of government and / or 'private' companies that are conducive to government policies.
This is achieved nowadays via many firms, the likes being Google, Facebook, Twitter, Credit Card companies, etc.
Products are being pushed to the non tech savvy masses, for example from Apple that monitor and store all your information.
Recently it has been uncovered that the iPhone stores all your movements locally, BUT in Apple's EULA there is mentioned that Apple can obtain this information.
Now it has been revealed that the so called secure or 'encrypted' information on your iPhone is easily accessible.
Apple is fully aware that the information on the iphone is NOT secure BUT fails to notify the users.
This is NOT an accident on Apple's behalf as the coding required to encrypt or leave the information in a text format is NOT accidental but rather deliberate.