Categories: Mobile

iPhone security can be breached in less than 6 minutes – Fraunhofer Institute

German sercurity firm Fraunhofer has found a way to gain access to passwords held on iPhones and iPads in about the same length of time it takes to make a proper cup of coffee.

Fraunhofer tech experts were able to gain access to a pin-locked iPhone and download password information from the device’s apps and browsers. Accessing the information involved jail-breaking the phone which allowed the security experts to install any applications they wished. The download the information Fraunhofer experts wrote a script that searched for and displayed user login information once installed.

While potential hackers need direct access to the phone the experts warned that “the overall approach only takes six minutes, which might provide an [ideal] opportunity for an attacker to return the device to the owner to cover the revealing of passwords.”

Download detailed information from the Fraunhofer Institute on how they breached iPhone security (PDF | 92KB)

Many people think that the Smartphone device encryption will provide sufficient security. “This opinion we encountered even in companies’ security departments”, says Jens Heider, technical manager of the Fraunhofer SIT security test lab. “Our demonstration proves that this is a false assumption. We were able to crack devices with high security settings within a very short time.” The testers did not have to break the 256 bit encryption to get to the passwords stored in the devices’ keychain. A weakness in the security design was used: The underlying secret the attacked password’s encryption is based on is stored in the device’s operating system. This means that the encryption is independent from the personal password, which is actually supposed to protect the access to the device.

The test was carried out on with an iPhone running iOS 4.2.1

Ajit Jain

Ajit Jain is marketing and sales head at Octal Info Solution, a leading iPhone app development company and offering platform to hire Android app developers for your own app development project. He is available to connect on Google Plus, Twitter, Facebook, and LinkedIn.

View Comments

Recent Posts

Nisum, Applied AI Consulting partner-up to turn the promise of AI into tangible results

Across industries, AI has been promised as the magic bullet, poised to solve different business…

1 hour ago

WEF blog calls for an ‘International Cybercrime Coordination Authority’ to impose collective penalties on uncooperative nations

How long until online misinformation and disinformation are considered cybercrimes? perspective The World Economic Forum…

3 hours ago

With surge in AI-generated code creates security concerns, DeepSources launches trio of autonomous AI agents for DevSecOps 

Autonomous, AI-powered employees are set to begin roaming corporate networks sooner than expected, marking the…

3 days ago

As carcinogenic chemicals from cleaning products hit the headlines, Viking Pure Solutions is protecting employees from harm

Despite the ongoing fight to reduce, reuse and recycle plastics, when it comes to environmental…

3 days ago

Muddy Waters vs. AppLovin: Why Investors Might Be the Real Target

Muddy Waters’ recent short report on AppLovin reads serious. Abuse, violations, an impending takedown. But…

4 days ago

Trump’s Tariff Policy: An Apparent Double Standard for Apple?

Do you know how I knew that Trump would be the 47th President of the…

4 days ago