Monday, February 14, 2011

6 Minutes is all it takes to steal stored passwords on your iPhone

For those of you who think that your iPhone will thwart any criminal, we've got news for you: Someone can find your password in less than six minutes without any password cracking.

Researchers Jens Heider and Matthias Boll at Germany's Fraunhofer Institute Secure Information Technology (Fraunhofer SIT) performed a fast jailbreak and installed an SSH server (which is not allowed by Apple, hence the necessity for the jailbreak). Then , they ran a short keychain access script which popped out the passwords and screen names. It wasn't only the security code for your phone: The researchers were able to get Google Mail, VPN and MS Exchange passwords among others stored on your phone.

Heider and Boll suggest that if you lose your iPhone you begin to immediately change all your passwords since it is so easy to get access to work email and other personal accounts.


No comments:

Post a Comment

Related Posts with Thumbnails