toggle

AAPL Stock: 116.47 ( + 0.16 )

Printed from http://www.macnn.com

Researchers crack auto-generated iOS hotspot passwords in 60 seconds

updated 03:50 pm EDT, Wed June 19, 2013

Default passwords described as too weak

The auto-generated passwords for iOS Personal Hotspots can be cracked in under a minute, a group of German researchers claim. In a paper (PDF) out of the University of Erlangen, the people explain that iOS generates passwords based on word list of about 52,500 entries, but only relies on 1,842. The word selection process is moreover said to be insufficiently random, making it easy to brute-force an attack.

The Erlangen researchers tested their hypothesis using a cluster of four AMD Radeon HD 7970s. While the process initially took over a minute, eventually it was whittled down to approximately 50 seconds. Once access to a hotspot was made available, the researchers were also able to gain access to services running on an iOS device, including wireless sharing apps like AirDrive HD.

The researchers comment that the hack could also affect devices connected to a hotspot, or allow people to intercept messages. As proof of the simplicity of the technique, a custom app dubbed Hotspot Cracker was developed to automate it.

"In the context of mobile hotspots," the paper deduces, "there is no need to create easily memorizable passwords. After a device has been paired with one by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections."

Android is said to generate tougher passwords by default, but often have this strategy undermined by individual device makers. Windows Phone 8 uses eight-digit codes, which forces hackers to sort through 10^8 candidates.




by MacNN Staff

toggle

Comments

  1. djbeta

    Fresh-Faced Recruit

    Joined: 01-11-04

    wow, now that sounds just plain lazy..

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    This is ridiculous.

    The point of personal hotspot is to quickly have a casually secured Internet connection.
    Once it hasn't been accessed for ten minutes, it is switched off automatically, and the password is completely irrelevant.

    Generating complex random passwords is the OPPOSITE of what you want - the whole idea is to have something that can be quickly supplied to the colleague or co-worker, or your other device, that needs to go online in a pinch.

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    What SH said. And if anyone IS concerned still, just set your own password for the hotspot rather than rely on the auto-generated one. This is, I would think, Not A Big Deal unless you routinely do financial or very sensitive stuff on your personal hotspot.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

MaxUpgrades 512GB Retina MacBook Pro SSD

Apple's Retina line of MacBook Pro notebooks have been impressive, right from their debut in 2012. Thinner than the previous model, t ...

Lemur BlueDriver

"Oh no, the check engine light is on…again! What one of the hundreds of reasons could it be this time? Probably going to cost a for ...

toggle

Most Commented