Wednesday, June 19, 2013

iOS Personal Hotspot can be Cracked in Less than 1 Minute

If you regularly use your iPhone or iPad as a mobile WiFi hotspot to share internet access with other devices, you'll want to read this. When you use your iPhone to create a personal hotspot, iOS automatically generates a "random" password that may look strong enough that you never bother to change it. However, that's hardly the case, as recently demonstrated by researchers who were able to crack any iOS Personal Hotspot with a system-generated password in less than a minute.

The thing is, iOS uses a combination of short words and number sequences to create a password you can more easily remember. To do so, Apple has a list of over 52 thousand words that serve as a base for those automatically generated passwords. Even if you consider 52 thousand words and all possible number combinations, that is a small enough set that every possible combination can be tried until the right one is found. Using a GPU, that's something you can do in under 50 minutes.

But wait... 50 minutes isn't that bad, right? You're probably never around the same place for that long.

The problem is that the iOS "random" word chooser does a pretty bad job at it, and ends up using just about 1842 of the 50 thousand available. That makes it even easier for attackers to narrow down the possible candidates, making it possible to crack it in under one minute using a 4-GPU cluster. (And it might take even less if you offload this intensive processing to some cloud computing service.)

However, don't worry too much about it. All you have to do is use your own - secure - password, and you can easily make things much more complicated for this kind of attack. Bruteforcing a 16 character password with upper and lower case letters, numbers and symbols isn't something that can be done in a matter of seconds, hours, or even days.
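To put numbers on the comparison above, here is an added example (not from the original post or the researchers) that derives a guess rate from the article's "52 thousand words in under 50 minutes" figure, applies it to the 1842-word case and to a random 16-character password, and generates such a password. The 4-digit numeric suffix and the 94-symbol alphabet are assumptions; the article does not state either.

```python
import math
import secrets
import string

WORDS_IN_LIST = 52_000        # "over 52 thousand words" (from the article)
WORDS_ACTUALLY_USED = 1_842   # words the generator really picks (from the article)
FULL_SCAN_SECONDS = 50 * 60   # "under 50 minutes" on one GPU (from the article)
DIGITS = 4                    # ASSUMPTION: length of the numeric suffix
# ASSUMPTION: printable ASCII without space (52 letters + 10 digits + 32 symbols)
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def keyspace_word_plus_digits(words, digits=DIGITS):
    """Number of candidates for a <word><digits> password."""
    return words * 10 ** digits

def entropy_bits(keyspace):
    """Strength of a uniformly chosen password, in bits."""
    return math.log2(keyspace)

def implied_guess_rate():
    """Guesses/second on one GPU, implied by the article's 50-minute figure."""
    return keyspace_word_plus_digits(WORDS_IN_LIST) / FULL_SCAN_SECONDS

def seconds_to_exhaust(keyspace, gpus=1):
    """Worst-case time to try every candidate at the implied rate."""
    return keyspace / (implied_guess_rate() * gpus)

def generate_password(length=16):
    """Random password from the OS CSPRNG containing all four character classes."""
    while True:  # rejection sampling; discards only a small share of candidates
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw

def report():
    """Return (label, bits, worst-case seconds) for each scenario in the article."""
    cases = [
        ("full 52k list, 1 GPU", keyspace_word_plus_digits(WORDS_IN_LIST), 1),
        ("1842 words, 1 GPU", keyspace_word_plus_digits(WORDS_ACTUALLY_USED), 1),
        ("1842 words, 4 GPUs", keyspace_word_plus_digits(WORDS_ACTUALLY_USED), 4),
        ("16 random chars, 4 GPUs", len(ALPHABET) ** 16, 4),
    ]
    return [(name, entropy_bits(k), seconds_to_exhaust(k, g)) for name, k, g in cases]

if __name__ == "__main__":
    for name, bits, secs in report():
        print(f"{name:26s} {bits:6.1f} bits  {secs:.3g} s  ({secs / 31_557_600:.3g} years)")
    print("example replacement password:", generate_password())
```

Under these assumptions the default password carries roughly 24 bits of entropy against about 105 bits for the 16-character one, which is why the second row finishes in seconds and the last does not finish at all.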
