iOS's "Weak" Autogenerated Personal Hotspot Passwords Cracked in 50 Seconds
June 19, 2013 4:02 PM
Refined version of attack using collected WPA2 handshakes can succeed in
Security researchers at Germany's
(FAU) (located in Bavaria) have shown how surprising insecure hotspot password autogeneration is for Apple, Inc.'s (
Using an iOS app written in Apple's own Xcode programming environment, the team set to work analyzing the words that Apple uses to generate its security keys.
Apple's hotspot uses
a standard WPA2-type process, which includes the creation and passing of pre-shared keys (PSK).
The problem, is that the keys are generated based on small list of "random" words -- around 1,842 by the German teams' estimates. Further, the random generator used is poor, so some words are picked more often than others. Thus most hotspot passwords can be cracked very fast -- sometimes in as little as "50 seconds", according to the team.
The team describes their app,
This app assists in generating an iOS hotspot cracking word list, which might be used in subsequent attacks on other hotspot users. The app also gives explanations and hints on how to crack a captured WPA2 handshake using well-known password crackers. Future releases might also automate the process of capturing and cracking hotspot passwords. As computing power on smart devices is limited, one solution is to involve online password cracking services like
, to crack hotspot passwords on-the-fly.
Apple has a bit of a history of poor security awareness when it comes to passwords; at one point it was
storing the passwords for some OS X features in plaintext
. But less Apple be singled out too much for admonishment, the team also writes that other mobile operating systems appear to have similar flaws. The team writes, "Spot tests show that other mobile platforms are also affected by similar problems. We conclude that more care should be taken to create secure passwords even in PSK scenarios."
Thus it's quite possible that similar security flaws could exist in Google Inc.'s (
) Android, which could be even worse, in practice, thanks to carriers'
sluggish pace of security updates for Android
In recent months hackers have also announced upcoming presentations on how to gain root access to iPhones
via malicious (USB) chargers
"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings
Hackers Install Malware on iPhone With Malicious Charger
June 3, 2013, 3:36 PM
ACLU Complaint Claims "Slow" Android Updates are Endangering People
April 22, 2013, 2:01 PM
Apple Takes 3 Months But Finally Stops Printing Passwords in Plaintext
May 9, 2012, 5:20 PM
Apple's iPhone 4 Comes to Verizon Wireless With 5-device "Personal Hotspot"
January 11, 2011, 11:14 AM
The Galaxy C9 Pro Samsung Smartphone Has 6GB RAM
October 24, 2016, 4:29 AM
The Unlocked Moto Z Play Launches for $449.99 Today.
October 22, 2016, 5:00 AM
Nintendo Announced Next Game Machine to be Portable “handheld”.
October 21, 2016, 5:00 AM
Do you hate to do yard work?
October 20, 2016, 5:00 AM
Smart Technology Mood Collar To Understand Your Dog’s Emotions
October 17, 2016, 5:00 AM
iBeat: A heart monitoring smartwatch that can save lives by Monique C. Bethell, Ph.D
October 8, 2016, 10:25 AM
Most Popular Articles
Car Insurance - The Hidden Discriminatory Practise
October 18, 2016, 5:00 AM
Is Razer Blade Stealth Laptop For You?
October 16, 2016, 5:00 AM
Cyber Hackers Threaten Security of Lifesaving Medical Devices
October 19, 2016, 8:09 AM
Excellent Wi-Fi Camera - Panasonic Lumix DMC-FZ300K
October 18, 2016, 5:00 AM
Problems with Windows 10 – Update Now
October 15, 2016, 7:30 AM
Latest Blog Posts
MacBoo Pro 2016: Release date Oct. 27
Oct 24, 2016, 7:16 AM
Mac Users, Try this if Your Mac is Infected?
Oct 23, 2016, 7:00 AM
Tips to Prevent Smartphones From Overheating:
Oct 22, 2016, 5:00 AM
Nasa Flies Drones at Nevada Airport
Oct 21, 2016, 8:21 AM
T-Mobile Data Problems
Oct 20, 2016, 10:17 AM
Annoying Apple Watch Problems and How to Fix Them
Oct 20, 2016, 5:00 AM
Your Mail May Soon Be Delivered By Robot
Oct 19, 2016, 9:34 AM
2018 Jeep Wrangler Prototype Sells At Junkyard
Oct 18, 2016, 5:00 AM
Samsung Shines with Gold Edition Tablet
Oct 17, 2016, 9:24 AM
Tesla Hints Mysterious Product Debut for October 17th
Oct 16, 2016, 10:14 AM
Samsung Galaxy Note 7 Phones on US flights
Oct 15, 2016, 5:00 AM
Comcast Fined $2.3 Million For Unconfirmed Services Charged To Customers
Oct 14, 2016, 5:00 AM
“American singer / songwriter “Bob Dylan is awarded 2016 Nobel Prize in Literature.
Oct 13, 2016, 10:33 AM
Battery Defect in Medical Device
Oct 12, 2016, 5:00 AM
IBM Bolsters Social Services Sector With Technology Grants
Oct 11, 2016, 5:00 AM
Scientists Sound Alarm on Climate but US Still Toys With Skepticism
Oct 10, 2016, 5:00 AM
IMEX America Trade Show
Oct 9, 2016, 10:00 AM
Phone Wars – Google VS Samsung Free Gifts on Purchase
Oct 6, 2016, 5:00 AM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information