Subscribe to RSS

Researchers crack default iPhone Personal Hotspot passwords in under a minute!


The default generated passwords protecting the mobile hotspot feature of Apple's iPhones and iPads are weak and flawed, according to a group of German researchers claiming to be able to crack iOS Personal Hotspot keys in less than a minute.

In a paper (PDF) titled "Usability vs. Security: The Everlasting trade-OFf in the Context of Apple iOS Mobile Hotspots," researchers from the University of Erlangen demonstrate that iOS generates weak default passwords for its mobile hotspot feature. The researchers found that the mobile hotspot feature is quite susceptible to brute force attacks on the WPA2 handshake. 

The paper holds that iOS generates its default passwords based on a word list of roughly 52,500 entries, though iOS apparently relies on about 1,842 of those entries. Additionally, the process for selecting words from the list is insufficiently randomized. That leads to a skewed distribution of words that go into default passwords. That skewed distribution apparently makes it easier to crack a device's password.

Using a GPU cluster with four AMD Radeon HD 7970s, the researchers claimed a 100 percent success rate in cracking iOS-generated passwords. Over the course of the experiment, the researchers got the time to retrieve a password down to around 50 seconds. 

The paper notes that "access to a mobile hotspot also results in access to services running on a device." It points to apps like AirDrive HD and other wireless sharing apps as the first easily accessible services once access to the device has been gained. 

Besides access to certain apps on the device, the paper also notes that computers and other smart devices connected to the hotspot could also be affected. Additionally, an attacker might be able to intercept messages passing between connected devices and the mobile hotspot. 

The researchers write that the entire process of identifying targets, deauthenticating wireless clients, capturing WPA handshakes, and cracking hotspot default passwords could easily be automated. The team even built an app  Hotspot Cracker  in order to automate the word list generation process. The computing power necessary to brute force crack the password, they say, could be supplied by cloud computing services. 

In all, the paper notes that the tendency for device manufacturers to make their default hotspot passwords easily memorizable is the main cause of the vulnerability. The researchers call for truly randomized passwords to be the default setting for mobile hotspot-capable devices.

"In the context of mobile hotspots," the report concludes, "there is no need to create easily memorizable passwords. After a device has been paired with once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections."

The paper also notes that Windows Phone 8 and Android devices can be vulnerable to similar attacks. Android by default generates tougher passwords, but many vendors modify the system for their own devices and change the password settings. Windows Phone 8 passwords consist of only eight-digit numbers, giving hackers a search space of 10^8 candidates.


Add your comment



Other articlesgo to homepage

Purported Original iPhone Prototype Sells on eBay for $1499!!

Purported Original iPhone Prototype Sells on eBay for $1499!!(0)

An alleged prototype version of Apple's original iPhone has sold on eBay for $1499, with the device appearing to be in excellent condition and containing signal strength measurements etched on the rear casing. The device is also shown running Apple's internal diagnostic software. I am selling a very rare original iPhone engineering prototype. These were used to

Apple to Unveil Next Generation iPhone on September 10!

Apple to Unveil Next Generation iPhone on September 10!(0)

Apple will unveil its next iPhone on September 10, reports AllThingsD, citing sources with knowledge of the event. Though the date of the announcement has been revealed, it is unclear whether the event will focus singularly on the upcoming iPhone 5S or if it will include Apple's rumored low-cost iPhone, possibly dubbed the iPhone "5C".  The iPhone

Possible Photo of Lower-Cost Plastic iPhone Rear Shells Shows New Blue Color!

Possible Photo of Lower-Cost Plastic iPhone Rear Shells Shows New Blue Color!(0)

This past weekend, shared photos of what could be the rear shell of Apple's rumored low-cost plastic iPhone in the colors green, red and yellow. While the site still acknowledges that the shells could be Chinese copies, certain features are still consistent with previous leaks and claims. Now the site shares [Google translation] a new photo that includes a

Apple’s iPhone 5S Revealed in New Photos!

Apple’s iPhone 5S Revealed in New Photos!(0)

MacRumors has received several images that appear to show both the interior and rear shell of Apple's upcoming iPhone 5S. The device appears to carry the same redesigned logic board that appeared earlier this week, suggesting that this is indeed a new iPhone. Among the interesting observations from the images:  – Based on the observable features, the

iPhone 5S: High resolution images claim to show ‘iPhone 5S’ and iPhone 5 display assemblies side-by-side!

iPhone 5S: High resolution images claim to show ‘iPhone 5S’ and iPhone 5 display assemblies side-by-side!(0)

A set of high resolution images were posted to the Web late Tuesday claiming to show a side-by-side comparison of the display assemblies for Apple's iPhone 5 and a rumored next-generation model dubbed "iPhone 5S." The photos come from FanaticFone, which alleges to have gotten their hands on a sample of the iPhone 5S display assembly

read more


Contacts and information

Social networks

Most popular categories

© 2013 Appleffect theme by Appleffect News All rights reserved.