Researchers crack auto-generated iOS hotspot passwords in 60 seconds

updated 03:50 pm EDT, Wed June 19, 2013

Default passwords described as too weak

The auto-generated passwords for iOS Personal Hotspots can be cracked in under a minute, a group of German researchers claim. In a paper (PDF) out of the University of Erlangen, the authors explain that iOS generates passwords based on a word list of about 52,500 entries, but only relies on 1,842 of them. The word selection process is moreover said to be insufficiently random, making the passwords easy to brute-force.

The Erlangen researchers tested their hypothesis using a cluster of four AMD Radeon HD 7970s. While the process initially took over a minute, it was eventually whittled down to approximately 50 seconds. Once they had gained access to a hotspot, the researchers were also able to reach services running on an iOS device, including wireless sharing apps like AirDrive HD.

The researchers comment that the hack could also affect devices connected to a hotspot, or allow people to intercept messages. As proof of the simplicity of the technique, a custom app dubbed Hotspot Cracker was developed to automate it.

"In the context of mobile hotspots," the paper deduces, "there is no need to create easily memorizable passwords. After a device has been paired with one by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections."

Android is said to generate tougher passwords by default, but this strategy is often undermined by individual device makers. Windows Phone 8 uses eight-digit codes, which forces hackers to sort through 10^8 candidates.
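Why an "insufficiently random" word choice matters on top of the small word count, as an added example (not code from the article or the Erlangen paper): it compares a uniform pick from the 1,842 words with a skewed pick, measuring how many most-likely-first guesses the word component costs. Only 1,842 and 10^8 come from the article; the Zipf-shaped skew is a constructed stand-in, not the measured iOS distribution, and the rest of the password format is not modelled.

```python
import math

WORDS_USED = 1842          # words iOS actually relies on (from the article)
WP8_CANDIDATES = 10 ** 8   # eight-digit Windows Phone 8 codes (from the article)

def uniform(n):
    """Every one of n candidates is equally likely."""
    return [1.0 / n] * n

def zipf(n, s=1.0):
    """Constructed skew (assumption): candidate k is chosen with weight 1/k**s."""
    weights = [1.0 / (k ** s) for k in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]

def min_entropy_bits(p):
    """Bits of security against the single best guess."""
    return -math.log2(max(p))

def expected_guesses(p):
    """Average number of guesses when candidates are tried most-likely-first."""
    ordered = sorted(p, reverse=True)
    return sum(i * x for i, x in enumerate(ordered, start=1))

def guesses_for_success(p, target=0.5):
    """Most-likely-first guesses needed to succeed with probability >= target."""
    acc = 0.0
    for i, x in enumerate(sorted(p, reverse=True), start=1):
        acc += x
        if acc >= target:
            return i
    return len(p)

def report():
    """Summarise both selection models for the word component."""
    rows = {}
    for name, dist in (("uniform", uniform(WORDS_USED)),
                       ("skewed", zipf(WORDS_USED))):
        rows[name] = {
            "min_entropy_bits": round(min_entropy_bits(dist), 2),
            "expected_guesses": round(expected_guesses(dist), 1),
            "guesses_for_50pct": guesses_for_success(dist, 0.5),
        }
    # Reference point: a uniformly random eight-digit code.
    rows["wp8_bits"] = round(math.log2(WP8_CANDIDATES), 2)
    return rows

if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

Under this constructed skew, half of all devices would fall after a few dozen word guesses instead of roughly 920, which is why a generator should draw uniformly from a cryptographically secure source.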

by MacNN Staff



  1. djbeta

    Junior Member

    Joined: 01-11-04

    wow, now that sounds just plain lazy..

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    This is ridiculous.

    The point of personal hotspot is to quickly have a casually secured Internet connection.
    Once it hasn't been accessed for ten minutes, it is switched off automatically, and the password is completely irrelevant.

    Generating complex random passwords is the OPPOSITE of what you want - the whole idea is to have something that can be quickly supplied to the colleague or co-worker, or your other device, that needs to go online in a pinch.

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    What SH said. And if anyone IS concerned still, just set your own password for the hotspot rather than rely on the auto-generated one. This is, I would think, Not A Big Deal unless you routinely do financial or very sensitive stuff on your personal hotspot.
