updated 03:50 pm EDT, Wed June 19, 2013
Default passwords described as too weak
The auto-generated passwords for iOS Personal Hotspots can be cracked in under a minute, a group of German researchers claim. In a paper (PDF) out of the University of Erlangen, the people explain that iOS generates passwords based on word list of about 52,500 entries, but only relies on 1,842. The word selection process is moreover said to be insufficiently random, making it easy to brute-force an attack.
The Erlangen researchers tested their hypothesis using a cluster of four AMD Radeon HD 7970s. While the process initially took over a minute, eventually it was whittled down to approximately 50 seconds. Once access to a hotspot was made available, the researchers were also able to gain access to services running on an iOS device, including wireless sharing apps like AirDrive HD.
The researchers comment that the hack could also affect devices connected to a hotspot, or allow people to intercept messages. As proof of the simplicity of the technique, a custom app dubbed Hotspot Cracker was developed to automate it.
"In the context of mobile hotspots," the paper deduces, "there is no need to create easily memorizable passwords. After a device has been paired with one by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections."
Android is said to generate tougher passwords by default, but often have this strategy undermined by individual device makers. Windows Phone 8 uses eight-digit codes, which forces hackers to sort through 10^8 candidates.