iPhone passcode bypassed by security researchers
A group of German researchers at the Fraunhofer Institute for Secure Information Technology report that they've cracked the iPhone's keychain system, allowing access to the passwords saved on any phone in just six minutes.
By jailbreaking the target phone and installing an SSH app on it, the hackers found they could access any information on the phone that they wanted, without the need to input a passcode or any other form of security from the user. In other words, if they can get their hands on your iPhone, they have access to everything on the keychain, which includes any Gmail or Exchange accounts saved on the phone, as well as network, Wi-Fi and voicemail passwords, as well as the passwords on some apps.
You can read the full report as a PDF online. The only solution that Frauhofer lists in the report is that any lost or stolen iPhone must require its owners to assume that all passwords included on the handset are compromised, and must all be changed and replaced as soon as possible.
It's hard to think what Apple might be able to do about this -- as long as the phone can be jailbroken, this seems possible, and obviously Apple hasn't been able to stop jailbreaks in the past, for a number of reasons. On the other hand, this hack needs access to the phone itself, so if you don't lose your phone, you're still good to go.
Subscribe to Newsletter
Software Updatesmore updates
- Spotify update adds equalizer, refreshed Artist page and more
- Fantastical 2.1 for iOS adds new snooze, search and notification features
- ExpanDrive 4, more services and faster sync
- Apple adds iTunes Extras to Apple TV
- Spotify updates with new iPhone controls in time for summer BBQs
- iTunes U update will bring course creation and student discussion to iPad app