Passwords ‘can be stolen from iPhones in minutes’

iPhone 4 screen resolution

A group of German researchers have demonstrated how to retrieve email and network passwords from a stolen iPhone in just six minutes.

The government-funded Fraunhofer Institute of Secure Information Technology, didn’t even have to hack the iPhone’s PIN lock. They used freely available software tools to first ‘jailbreak it’, then access the phone’s account details via a keychain access script.

This gave them access to the iPhone’s Google Mail password (if it’s been set-up as an MS Exchange account), wi-fi passwords, voicemail, some app passwords and corporate VPN passwords.

However passwords for web-based email, like Yahoo Mail, weren’t accessible.

Nevertheless, SIT reckons that once a thief gets access to one of your accounts it could end-up compromising many others.

‘Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset,’ said the researchers.

SIT recommends that owners of a lost or stolen iPhone should ‘instantly initiate a change of all stored passwords,’ as well as change passwords on accounts not stored on the device.

Another recourse is Apple’s free ‘Find My iPhone’ app, which lets you erase all your data remotely if you lose your iPhone. Video below of the hack in action.

[Via PC World]

Categories: Smartphones

Tagged as: ,

Create account

You can leave a reply without having a WordPress account, but if you do register you can upload an avatar. A WordPress account is not connected to your Which? login and cannot be used to login to or any other Which? services.

Sign up

Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>