iOS Personal Hotspot Presents Security Issue

EDINBURGH, Scotland - July 1, 2013 - PRLog -- AAAA security issue has been identified in iOS's Personal Hotspot feature. The feature, also known as tethering, allows a phone to be used as a hotspot for other devices. In principle, the WPA2 encryption used by default for the Wi-Fi connection is secure, but this depends on the pre-shared key, or encryption password, used. If the smartphone operating system issues an insecure default password for Wi-Fi hotspots, and users don’t change it to make it more secure, then despite a strong encryption algorithm unauthorised users can gain access to internet sharing on an iPhone or iPad in a matter of seconds. According to commissum senior consultant Rory McCune “Pre-Shared keys have always been a bit of a weak point in wireless security as they tend to stay set for long periods of time once the system is in place.  Hence the reason that any weakness in the way they are generated can be so serious.”

Here’s how it works…iOS selects an easily remembered password from a list of just 1842 words and supplements it with four random digits. This would theoretically be quite secure as it results in approximately 18.4 million possible combinations.  The issue is that iOS's algorithm for selecting a word from its dictionary results in certain words being chosen with increased frequency. In addition, closer analysis reveals that all 1842 words are to be found in a scrabble dictionary.  

Although the number of possible combinations may at first glance appear large, a single modern graphics card is able to determine the complete password within just 52 seconds, by simply trying out each word in the order of its probability of occurrence.  Windows Phone, by comparison, doesn’t use a dictionary.  It simply selects eight random digits, resulting in a much higher 100 million combinations, requiring a theoretical average of five minutes to crack. Android generates strong passwords, but some modified Android systems, such as HTC devices, are equipped with default passwords such as 1234567890.

An application has been developed which demonstrates how quickly the password used by an iPhone can be cracked using an optimised dictionary and a cluster of several fast graphics cards.  A future version of the app may enable users to eavesdrop on traffic from other hotspot connections or crack the password. The modest computing power offered by smartphones means that such an attack would take a little longer than 52 seconds, but CPU intensive work could be outsourced to the cloud, allowing shorter computation times. “With an increasing number of users making use of smart phone tethering on metered plans this kind of predictable password could allow attackers to run up big bills for mobile iPhone users” states Rory McCune.

To avoid weaknesses in "random passwords", users should therefore always choose a secure password for themselves rather than rely on the password provided by the operating system.

Apple appears to have recognised the problem with the latest beta version of iOS 7 suggesting random-looking combinations of letters and numbers with a length of at least ten characters for securing mobile hotspots.