With the computing power of phones and anything that they are tethered to why can't they have much tougher encryption? My iPad is capable of handling the 50 digit encryption of my wifi so it is more than capable of tethering to a much stronger tethering signal. Though I suspect that the NSA and other security bodies would hate it if everyone had such powerful encryption for tethering. Maybe all phones have similarly weak basic tethering?


Sent from my iPad using Tapatalk.

The encryption is only ever as good as the password. And with something like this, you've got the conflict between a long, secure password and a password people can actually remember/transcribe successfully between the phone screen and the input field on whatever device they want to tether. Remember if nothing else it's got to fit on the phone screen for people to read it, so 128 character passwords are basically out for a start.

They could make it a less consistent pattern, that would help, but they're never going to be able to make the password 'secure'. You could make it secure, but that would also make it basically useless.

Also, remember, this won't actually get you any data that's on the phone. What's being 'cracked' here isn't actually the phone at all, it's the wifi network the phone is broadcasting. Being on that wifi network possibly helps with cracking the phone, but it's by no means trivial to do from there. It's like someone having the IP address of your home PC - it's a first step, but it's not the whole job.

It's a valid complaint from a security perspective but, in fact, I'm not sure it's anything to panic over. Until someone proves you can actually access the phone's flash RAM using the tethered wifi after breaking the password, all it allows someone to do is steal a bit of your 3G/4G data cap.

I fully appreciate the limitations of users being able to remember passwords. Mine is copied and pasted into the relevant fields and even for the rare occasion that I actually have to type in the password I use the password manager on the computer to help me. In the case of tethering you set the phone as the hotspot and then pair the device. It has been ages since I set the two devices up so cannot remember how I actually did it. A safer way of pairing might actually use three sets of 4 digit numbers to verify the device. That reduces the pairing risks significantly, though if the hotspot password is short then it only makes cracking easy.

As for the real risk I agree it is minimal. My phone is rarely tethered but I have the facility if necessary.

Sent from my iPad using Tapatalk.

Once the password has been cracked, the operator can piggyback on the hotspot's bandwidth, stage a man-in-the-middle attack for eavesdropping, and get access to files stored on the device. Jailbroken iPhones are extra risky since they could allow access to the basic iPhone system services code

Sent from my GT-I9505 using Tapatalk 4 Beta

How?


If you jailbreak your phone you accept that you're intentionally compromising it's security.

It is one reason why I have not bothered jailbreaking my iPhone or iPad.