iOS Personal Hotspot Presents Security Issue

A security issue has been identified in iOS's Personal Hotspot feature. Commissum comments on the issue, which could allow unauthorised users to gain access to internet sharing on an iPhone or iPad in a matter of seconds.
By: Commissum

Here’s how it works…

iOS selects an easily remembered password from a list of just 1842 words and supplements it with four random digits. This would theoretically be quite secure as it results in approximately 18.4 million possible combinations. The issue is that iOS's algorithm for selecting a word from its dictionary results in certain words being chosen with increased frequency. In addition, closer analysis reveals that all 1842 words are to be found in a Scrabble dictionary. Although the number of possible combinations may at first glance appear large, a single modern graphics card is able to determine the complete password within just 52 seconds, by simply trying out each word in the order of its probability of occurrence.

Windows Phone, by comparison, doesn’t use a dictionary. It simply selects eight random digits, resulting in a much higher 100 million combinations, requiring a theoretical average of five minutes to crack. Android generates strong passwords, but some modified Android systems, such as HTC devices, are equipped with default passwords such as 1234567890.

An application has been developed which demonstrates how quickly the password used by an iPhone can be cracked using an optimised dictionary and a cluster of several fast graphics cards. A future version of the app may enable users to eavesdrop on traffic from other hotspot connections or crack the password. The modest computing power offered by smartphones means that such an attack would take a little longer than 52 seconds, but CPU-intensive work could be outsourced to the cloud, allowing shorter computation times.

“With an increasing number of users making use of smart phone tethering on metered plans this kind of predictable password could allow attackers to run up big bills for mobile iPhone users”, states Rory McCune.
To avoid weaknesses in "random passwords", users should therefore always choose a secure password for themselves rather than rely on the password provided by the operating system. Apple appears to have recognised the problem, with the latest beta version of iOS 7 suggesting random-looking combinations of letters and numbers with a length of at least ten characters for securing mobile hotspots.
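As an added illustration (not part of the original release), the Python below rates the generators described above by entropy and by the mean number of guesses needed when candidates are tried most-likely first, which is the measure a reviewer of a default-password generator would check. The Zipf-shaped word skew and the 36-symbol alphabet for the iOS 7 style password are assumptions, since the article gives neither.

```python
import math

WORDS = 1842       # dictionary size stated in the article
DIGITS = 10 ** 4   # four random digits appended to the word

def expected_guesses(word_probs, suffixes=DIGITS):
    """Mean guesses until the password is hit when words are tried
    most-likely first and every digit suffix is tried per word."""
    total = 0.0
    for rank, p in enumerate(sorted(word_probs, reverse=True)):
        # 'rank' whole words were exhausted first, then on average
        # half of the suffixes of the correct word.
        total += p * (rank * suffixes + (suffixes + 1) / 2)
    return total

def entropy_bits(word_probs, suffixes=DIGITS):
    """Shannon entropy of the word choice plus a uniform digit suffix."""
    h_word = -sum(p * math.log2(p) for p in word_probs if p > 0)
    return h_word + math.log2(suffixes)

def zipf(n, s=1.0):
    """Constructed skew (assumption): weight of k-th word ~ 1/k**s."""
    raw = [1 / k ** s for k in range(1, n + 1)]
    norm = sum(raw)
    return [w / norm for w in raw]

def uniform_scheme(keyspace):
    """(bits, mean guesses) for a generator that picks uniformly."""
    return math.log2(keyspace), (keyspace + 1) / 2

def compare():
    flat = [1 / WORDS] * WORDS
    skew = zipf(WORDS)  # constructed distribution, not measured data
    return {
        "word+4 digits, uniform": (entropy_bits(flat), expected_guesses(flat)),
        "word+4 digits, skewed": (entropy_bits(skew), expected_guesses(skew)),
        "8 random digits": uniform_scheme(10 ** 8),
        "10 chars of [a-z0-9]": uniform_scheme(36 ** 10),  # alphabet assumed
    }

if __name__ == "__main__":
    for name, (bits, guesses) in compare().items():
        print(f"{name:24s} {bits:6.2f} bits  ~{guesses:,.0f} mean guesses")
```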