Researchers easily crack iOS-generated Hotspot passwords
According to researchers Andreas Kurtz, Felix Freiling and Daniel Metz, the default hotspot password in iOS 6 uses a short English word with some random numbers at the end. Earlier versions of iOS used a similar pattern that included two words separated by two numbers.
Not surprisingly, these passwords can be cracked in no time via a brute-force attack. Using one AMD Radeon HD 6990 GPU, the team was able to guess a password in 50 minutes. When they bumped the GPUs up to four AMD Radeon HD 7970s, they were able to drop the password-cracking time to a mere 50 seconds.
One reason the cracking was so easy is that Apple apparently uses a password list that picks from 1,842 words, and the selection of these words is not done randomly. It wouldn't take much effort for a savvy hacker to figure out this pattern and write a tool that would compromise a hotspot password faster than you can say supercalifragilisticexpialidocious.
The take home message is to change your hotspot password from the default one that is generated by iOS to one of your own choosing. It's easy enough to do -- just tap Settings > Personal Hotspot or Settings > General > Cellular > Personal Hotspot, depending on your device and software. Then tap the WiFi password field and type in a new phrase. The new password must be at least eight characters long and use ASCII/Unicode characters. You can read more about the Personal Hotspot feature on Apple's iOS support page.
Subscribe to Newsletter
Software Updatesmore updates
- Daily App: MyScript Calculator solves your hand-written math equations
- Findery app lets you discover the world around you using annotated notes and maps
- The Learnist app brings its crowd-sourced collection of information to your iPhone
- My cat Cinnamon reviews Friskies Cat Fishing 2
- Photo Grid Collage Maker is capable and free
- iExit gets new features and is now free