Researchers demo ability to steal passwords by jailbreaking Apple's iPhone
Researchers from Germany have demonstrated a way to quickly retrieve passwords from the stored keychain of a locked iPhone or iPad by obtaining the device and jailbreaking it.
The Fraunhofer Institute Secure Information Technology team has demonstrated its exploit online, proclaiming that an "attacker can retrieve passwords in 6 minutes." The hack requires the person to have access to the physical phone, and relies on "jailbreaking" the device, a term used to refer to hacking Apple's iOS mobile operating system to allow users to run unauthorized code.
In a video detailing the exploit, Fraunhofer shows a password-locked iPhone tethered to a computer via USB and then jailbroken. The attacker then accesses the filesystem of the handset and copies a keychain access script to the device.
From there, the script can be executed, and passwords stored on the iPhone can be extracted. All of this can reportedly be accomplished without even unlocking the password-protected phone, with all of the data transferred via USB to a connected PC.
The research firm claims that the "flawed security design affects all iPhone and iPad devices containing the latest firmware."
Apple has discouraged jailbreaking of iOS devices, including the iPhone, iPad and iPod touch, noting that the practice can result in significant security risks. In 2009, a worm targeting jailbroken iPhones affected some users who did not change their default SSH password, which allows file transfers between phones.
Jailbreaking can be used to steal software from the App Store, while it can also be employed to run unauthorized third-party applications or operating system customizations and modifications not allowed by Apple. A significant community dedicated to jailbreaking has emerged since the iPhone was first released in 2007, and it has gone back and forth with Apple as the Cupertino, Calif., company works to patch exploits and jailbreakers look to discover them.
Last November, Apple enhanced the security of iOS devices by making the Find My iPhone service free. Previously, the functionality was only available to users who subscribed to Apple's $99-per-year MobileMe service.
Using Find My iPhone, a user can remotely track a missing iPhone, iPad or iPod touch, provided the device has a data connection available. The owner of the device can also remotely disable or wipe all data from the missing hardware.