• Researchers Find Huge Security Flaw with Hotspot Feature in iOS Platform

    A group of German researchers claims to be able to crack iOS Personal Hotspot keys in less than a minute, saying that the default passwords generated to protect the mobile hotspot feature of Apple’s iPhones and iPads are weak and flawed. In a paper titled “Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots,” researchers from the University of Erlangen demonstrate that iOS generates weak default passwords for its mobile hotspot feature and show that these passwords are susceptible to brute-force attacks on the WPA2 handshake.

    The paper states that iOS generates its default passwords from a word list of roughly 52,500 entries, though iOS apparently relies on only about 1,842 of those entries. Additionally, the process for selecting words from the list is insufficiently randomized. This leads to a skewed distribution of the words that go into default passwords, and that skew apparently makes a device’s password easier to crack.

    Using a GPU cluster with four AMD Radeon HD 7970s, the researchers claimed a 100% success rate in cracking iOS-generated passwords. Over the course of the experiment, the researchers got the time to retrieve a password down to around 50 seconds. The paper noted that “access to a mobile hotspot also results in access to services running on a device.” It points to apps such as AirDrive HD and other wireless sharing apps as the first easily accessible services once access to the device has been gained.

    Beyond access to certain apps on the device, the paper notes that computers and other smart devices connected to the hotspot could also be affected. Additionally, an attacker might be able to intercept messages passing between connected devices and the mobile hotspot. The researchers write that the entire process of identifying targets, de-authenticating wireless clients, capturing WPA handshakes, and cracking hotspot default passwords could easily be automated. The team even built an app called Hotspot Cracker to automate the word list generation process. The computing power necessary to brute-force the password, they say, could be supplied by cloud computing services.

    According to the paper, the tendency for device manufacturers to make their default hotspot passwords easily memorizable is the main cause of the vulnerability. The researchers call for truly randomized passwords to be the default setting for mobile hotspot-capable devices. The report concludes the following:

    “In the context of mobile hotspots, there is no need to create easily memorizable passwords. After a device has been paired with once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections.”

    One last point: both Windows Phone 8 and Android devices are also vulnerable to similar attacks. Android by default generates tougher passwords, but many vendors modify the system for their own devices and change the password settings. Windows Phone 8 passwords consist of only eight-digit numbers, giving hackers a search space of 10^8 candidates.
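
The effect of a skewed word choice, and the contrast with the truly random default the researchers call for, can be measured as follows. This is an added example, not code from the paper or the original article; the Zipf-like skew is a constructed stand-in rather than the measured iOS distribution, and all function names are hypothetical. It models the word choice only.

```python
import math
import secrets
import string

IOS_WORDS = 1842        # words the article says iOS actually draws from
WP8_SPACE = 10 ** 8     # eight-digit Windows Phone 8 default, per the article

def uniform(n):
    """Every one of n candidates equally likely (an ideal generator)."""
    return [1.0 / n] * n

def zipf_skew(n, s=1.0):
    """Constructed stand-in for a skewed picker: rank r has weight 1/r**s.
    This is NOT the measured iOS word distribution."""
    weights = [1.0 / r ** s for r in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]

def guess_stats(probs):
    """Shannon bits, min-entropy bits and expected number of guesses when
    candidates are tried most-likely-first (the best possible ordering)."""
    ordered = sorted(probs, reverse=True)
    shannon = -sum(p * math.log2(p) for p in ordered if p > 0)
    min_entropy = -math.log2(ordered[0])
    expected = sum(rank * p for rank, p in enumerate(ordered, start=1))
    return shannon, min_entropy, expected

def random_default(length=20, alphabet=string.ascii_letters + string.digits):
    """Truly random default key from the OS CSPRNG (WPA2 allows 8-63 chars)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def keyspace_bits(length, alphabet_size):
    """Bits of entropy in a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for name, dist in (("uniform", uniform(IOS_WORDS)),
                       ("skewed", zipf_skew(IOS_WORDS))):
        h, hmin, exp = guess_stats(dist)
        print(f"{name:8s} shannon={h:5.2f} min={hmin:5.2f} "
              f"expected word guesses={exp:7.1f}")
    print(f"8 digits : {math.log2(WP8_SPACE):.1f} bits")
    print(f"random 20: {keyspace_bits(20, 62):.1f} bits, e.g. {random_default()}")
```

A generator is only as strong as its min-entropy: once some words are far more likely than others, the average number of guesses falls well below half the list.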

    Source: University of Erlangen (PDF)
    This article was originally published in forum thread: Resarchers Find Huge Security Flaw with Hotspot Feature in iOS Platform started by Akshay Masand
    9 Comments
    1. Spliff1 -
      Why is there a spelling mistake in the title?
    1. Own3d -
      Originally posted by Spliff1: “Why is there a spelling mistake in the title?”
      Grammar Nazis were sleeping.
    1. bigboyz -
      Here is a novel idea, create your own long password using symbols, caps and numbers. Yes, fix the spelling haha!
    1. iPhoneThereforeIAm -
      Who uses default passwords anyway ?
      Non-news article for newbophytes.
    1. peacedog -
      My password is 9999999999. I rarely use it for more than 30 minutes at a time, and it's usually while waiting in a doctor's office or as a car passenger. For me, I don't care if there is a security flaw.
    1. iPhoneThereforeIAm -
      Is Wifi-cracking a large-scale means of infection and data-acquisition ?
    1. rkisling -
      The title is misspelled because it's harder to crach passwords that are mispellled words...
    1. fleurya -
      Originally posted by iPhoneThereforeIAm: “Who uses default passwords anyway? Non-news article for newbophytes.”
      THANK YOU!

      I have been saying this all along!
    1. ThatOneProfile -
      Oh because we won't see (1more connection) in big blue letters on the status bar.