Fraunhofer cracks iPhone password in 6 minutes, exposes stored passwords [video]

What’s the one thing that could make losing your iPhone worse? If the person who happens to find your AWOL iPhone knows exactly what they’re doing. In a two-minute video clip published by German engineering firm Fraunhofer, the company demonstrates how an iPhone’s password security can be rendered completely moot. The demonstration takes a locked, unmodified iPhone, running the latest firmware, and, with the help of jailbreaking software, gains access to all stored passwords on the device — Wi-Fi networks, saved website logins… anything stored in your keychain file. The demonstration is meant to illustrate how crucial it is for companies and individuals to not only use passcodes on mobile devices, but also react quickly — preferably initiating a remote wipe — if the device is lost. The video demonstration is waiting for you after the break.

61 Comments
  • Bringit

    hi.

  • Insigniaband

    Try to do that on a BlackBerry

    • dmallor

      That would be impossible because all of your passwords are stored on RIM’s network ;)

      • HA!

        WOW your an idot

      • Words are hard

        Hey HA!, its you’re..so you’re (see how that works) the idot.

      • http://caspan.com Caspan

        Hey moron it’s idiot! Man if your going to trash talk back to someone about spelling check your spelling!

      • Anonymous

        Lol caspan.

    • http://twitter.com/usemeego meegouser

      Better yet, try that on Symbian :)

      • clint

        oh, is that OS still in use? :-)

      • numetheus

        Symbian? You mean the OS that will soon be no longer? Symbian has acknowledged that they are losing marketshare, and there are rumors circulating that they may soon make phones running WP7. Meego is awesome, but reality is that money matters. And people as a whole care nothing for Meego.

  • BB

    One year from now, with NFC along with the more important role of security in a smartphone, the advantages of RIMM phones will come to light with their impeccable security features.

  • endevour

    expecting apple to sell it as a feature

    • Steve Jobs

      This is a password recovery feature.

      Steve Jobs

      Sent from my iPhone

      • Steve Hillshire

        You aren’t setting your password correctly.

        Stay Tuned…

  • http://twitter.com/usemeego meegouser

    Oh my!

    Better stick to Blackberry and Symbian then.

    • Anonymous

      What the heck is a symbian?

  • Anonymous

    This would NEVER EVER happen to an Android phone. Android is the most Open and Secure platform EVER. I have been told by members of the scientific arm of the Goofan (aka Apple Hater) nation that you would need a super computer working for 100 years to be able to break into an Android phone.

    • Jonathon_flores

      Hahaha I love this guy. He’s such a douche and everybody hates him but I love reading his posts. Makes my day.

      • Anonymous

        Gracias Señor Flores!

      • Anonymous

        he occasionally gets a giggle…

    • TUPAPI

      Hahahaha.. I gave you a plus because you made my day!

    • securIT

      “open” and “secure” in the same sentence?? fail

  • Dario69

    Not too impressed Fraunhofer. A person can drop their wallet on the street and it will take almost as long to carefully sift through all of the crap to find account number and passwords scrawled on tiny notes, let alone the credit cards. Now if you cracked that code while the customer was still using their phone or had it in their possession, I would be more impressed. But when you lose something all bets are off. And using jailbreak software? Oooh, how technically savvy. In that case no phone is safe from hackers. Please.

    • http://twitter.com/hestonk Heston Kan

      true! however the issue here is that people aren’t aware of the inherent danger of losing a mobile device…and how much more information can be exposed if the device were to land in the hands of the wrong person….
      When you lose a wallet, your credit card goes missing, you call it in and they stop it…
      if/when you lose an iPad or iPhone, the hacker removes the SIM card, you can no longer remote wipe…he then gains access to your email accounts and etc…and can view much more information until you are able to secure that.
      Just imagine if it’s a corporate email account…clients would not be happy

      • zukidrvr

        Yep. iPhone vs BlackBerry smartphone. Toy vs Tool.

      • http://twitter.com/infobhan Ishir Bhan

        Yes, agreed that BlackBerry fanboys are tools…

      • Anonymous

        It’s also a big concern for employees who sign up for Personal Liability contracts. Let’s remember that just because some of you don’t care about corporate espionage, that doesn’t mean it isn’t happening.

      • http://caspan.com Caspan

        People think nothing exists till it happens to them and then it’s this poor sob story of “I didn’t think anyone would want my info” as their entire life and identity is stolen that takes 5 years to clean up. Not to mention you have to pay another $599 to replace that damn phone!

  • http://twitter.com/NICKVALENTIN0 Nick Valentino

    I wonder how many of those companies that have been in the news with claims they’d switch to iPhone from BlackBerry will reevaluate the situation.

    • Anonymous

      there are apps for business iphones that companies use…my dad switched from BB and they made his iphone fort knox, he works for McGraw-Hill.

      • RealDeal

        Putting a secure app on top of an insecure operating system is like locking the door and leaving the window next to it wide open.

      • Anonymous

        Anyone can break into an iPhone just by thinking hard enough. I have a friend with an iPhone and I started thinking really hard, sweating and all, and my thoughts were able to penetrate that puny security on the iPhone and I saw all his emails and passwords and pics of his ex-wife naked!

      • Anonymous

        Ahhhhh! What’s that my love???? Your dad has an iPhone? How dare you call yourself a member of the Goofan (aka Apple Hater) nation???? You are in the doggie house for 15 mins young lady!

      • http://caspan.com Caspan

        Your dad just got owned by his kid. McGraw-Hill get better secure phones!

      • Anonymous

        sorry luv, i have one android friend and he’s a vegetarian… so sad.

      • Jimbo1

        Sorry, but this demonstration clearly shows that someone has the keys to “Fort Knox”. iPhone has serious security issues to deal with. Unless you’re a 13yr old using fart and Angry Bird apps, and don’t store any personally identifiable information on your iPhone, you had better be very concerned about this.

      • http://caspan.com Caspan

        LoL

    • numetheus

      Definitely can’t use Android in the workplace that’s for sure. I evaluated it for work and cannot participate in conferences and meetings because Android doesn’t have things like Cisco Webex. For work use, Android is a toy that can play games and make calls. But the lack of enterprise software means blackberry or iPhone is what enterprise people will use.

  • KCRic

    Guess it’s time to tell all my friends “told you so.” Thanks Fraunhofer, This is going to be a wonderfully splendid day. Lol – and Apple wants to use NFC on their phones (albeit late, but still).

  • YMBz

    Would apple be able to fix this problem with the next iOS 4.3 ?

  • Anonymous

    I like this, this is good. Now all Apple needs to do is fix it and trust me they will. RIM claims they have all the security in the world but not too many people have bothered trying though and that’s a problem.

    • http://twitter.com/NICKVALENTIN0 Nick Valentino

      Actually, you’re wrong. There are entire forums dedicated to GSM hacking, which includes BlackBerry. Believe me when I tell you, many people have tried to crack a lost/stolen BlackBerry and there has been no solution other than completely wiping the device.

      • http://twitter.com/hestonk Heston Kan

        interesting! could you provide a link to any of these forums plz?

      • Jimbo1

        You’re asking for a link? Really?? It’s 2011, just take the 2 seconds yourself and Google it. Sheesh.

  • Obj_me

    This seems to be almost meaningless to most enterprise users interested in having a secure device. I could be wrong, but I’m guessing this device was not secured with a policy requiring entire device encryption. I kind of get the feeling if that had been the case the password information would not have been nearly as easy to retrieve. Also I believe that device encryption is supported on the iPhone 3G(S) onward as well as the iPad and a couple of IPT’s. Perhaps this does show a security hole for non-enterprise security minded everyday consumers; however, in an enterprise setting with appropriate measures in place I doubt it would be this simple. It’s also important to point out that a jailbreak was required which is designed to defeat iOS’s DEP/NX security model to begin with, causing this demonstration, IMO, to be even less relevant. Just a thought, and perhaps I am incorrect, but again with appropriate encryption and remote wipe measures in place this is sort of null. Also this is all part of developing a security model, it will eventually be defeated and then improved upon. That’s how security works, it always has worked this way and will continue to. All in all I’m not super impressed by the video.

  • Janice

    Step #1 of this is:
    You must be stupid enough to give a hacker your phone.

    Without that… your passwords are *NOT* at risk at all.

    (Only BGR is making it seem like that.)

    • http://twitter.com/DJQStormATL DJQStormATL

      Are you serious? Give a hacker your phone….

      Are these iphone people that naive?!

      #teamblackberry

      • Whoops!

        Just leave it in a bar…

        Oh wait, that’s already happened.

    • Jimbo1

      Did you actually look at what they did with the iPhone? I guess some people will only “get it” when they experience it for themselves. I don’t like facts any more than the next person, but c’mon… really?

  • http://caspan.com Caspan

    I love how all the comments of Apple fan boys are just stabs at RIM and other OSs. This has always been the reason why I will not touch an iPhone. I don’t feel like using an OS that takes security as maybe 5th important on their list.

    RIM has never been hacked never will be and there is nothing that you can say that can prove that wrong! So suck it up eat the fact that your phone is a joke when it comes to security and realize this is what we have been talking about for years. You just got Owned Apple!

    • Anonymous

      If you want security then Android is for you. Not RIM. Google themselves watch over your security. All they ask in return is get all your personal info and life patterns. That’s a great trade as far as I am concerned.

      • http://caspan.com Caspan

        LOL yeah right!

  • brian

    wait until hospitals put their doctors with emr systems on the ipads. That should be fun as your full medical history will now be open.

    • http://caspan.com Caspan

      Any properly written healthcare code will only access information and not store it on the iPad for security reasons……. Wait now you’ll have the username and password to access it all!!!

      • brian

        properly written is the key. I haven’t seen too many healthcare apps “properly written”

      • http://caspan.com Caspan

        When it comes to health care applications that deal with medical information it’s not a choice it’s a mandate! Either that or you get your ass sued off!

  • Todd

    Umm….. I’ll keep my BlackBerry thanks. If you’re an enterprise customer, you had better think twice about using an iPhone.

  • http://twitter.com/maniballi Michael

    For the time being this security issue may save RIM and its tenuous hold on the enterprise market

    • http://caspan.com Caspan

      RIM does not need saving! Only non BlackBerry users think they do!

    • Jimbo1

      Really? To me it looks like they’ve tried to stick their foot into the crack of the enterprise door, then proceeded to slam it shut on themselves.

  • Jpecou

    Try that on Android…. HAHA (Can’t even say it with a straight face)
