Researchers easily crack iOS-generated Hotspot passwords
According to researchers Andreas Kurtz, Felix Freiling and Daniel Metz, the default hotspot password in iOS 6 uses a short English word with some random numbers at the end. Earlier versions of iOS used a similar pattern that included two words separated by two numbers.
Not surprisingly, these passwords can be cracked in no time via a brute-force attack. Using one AMD Radeon HD 6990 GPU, the team was able to guess a password in 50 minutes. When they bumped the GPUs up to four AMD Radeon HD 7970s, they were able to drop the password-cracking time to a mere 50 seconds.
One reason the cracking was so easy is that Apple apparently uses a password list that picks from 1,842 words, and the selection of these words is not done randomly. It wouldn't take much effort for a savvy hacker to figure out this pattern and write a tool that would compromise a hotspot password faster than you can say supercalifragilisticexpialidocious.
The take home message is to change your hotspot password from the default one that is generated by iOS to one of your own choosing. It's easy enough to do -- just tap Settings > Personal Hotspot or Settings > General > Cellular > Personal Hotspot, depending on your device and software. Then tap the WiFi password field and type in a new phrase. The new password must be at least eight characters long and use ASCII/Unicode characters. You can read more about the Personal Hotspot feature on Apple's iOS support page.
Subscribe to Newsletter
Software Updatesmore updates
- OS X Yosemite 10.10.2, iOS 8.1.3 updates now available
- Sports Illustrated 120 SPORTS channel comes to Apple TV
- Logic Pro X update brings AirDrop support, new effects, tools, and more
- Parallels Access 2.5 released, adds file manager, computer-to-computer remote access
- The Google Translate iOS app is about to get a lot smarter
- Dropbox adds file/folder renaming and Office document editing to iOS app