A group of German researchers have demonstrated how to retrieve email and network passwords from a stolen iPhone in just six minutes.
The team, from the government-funded Fraunhofer Institute of Secure Information Technology (SIT), didn’t even have to hack the iPhone’s PIN lock. They used freely available software tools to first ‘jailbreak’ it, then access the phone’s account details via a keychain access script.
This gave them access to the iPhone’s Google Mail password (if it’s been set up as an MS Exchange account), Wi-Fi passwords, voicemail, some app passwords and corporate VPN passwords.
However, passwords for web-based email, like Yahoo Mail, weren’t accessible.
Nevertheless, SIT reckons that once a thief gets access to one of your accounts, it could end up compromising many others.
‘Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset,’ said the researchers.
SIT recommends that owners of a lost or stolen iPhone should ‘instantly initiate a change of all stored passwords,’ as well as change passwords on accounts not stored on the device.
Another recourse is Apple’s free ‘Find My iPhone’ app, which lets you erase all your data remotely if you lose your iPhone.
[Via PC World]