x404.co.uk
http://www.x404.co.uk/forum/

tethered iPhones easily crackable
http://www.x404.co.uk/forum/viewtopic.php?f=4&t=19182		 Page 1 of 1
Author:  bobbdobbs [ Tue Jun 18, 2013 6:49 pm ]
Post subject:  tethered iPhones easily crackable
clicky
Quote:
iPhones being used as Wi-Fi hotspots are open to attack because of lax security protocols in the automatic password generation system Apple has in place, according to new research from the University of Erlangen in Germany.

The paper, "Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots" by Andreas Kurtz, Felix Freiling, and Daniel Metz, found that the seemingly random password iOS generates for hotspots is simple to crack. It consists of four to six characters followed by a four-digit number string.
Author:  Amnesia10 [ Tue Jun 18, 2013 9:07 pm ]
Post subject:  tethered iPhones easily crackable
With the computing power of phones and anything that they are tethered to why can't they have much tougher encryption? My iPad is capable of handling the 50 digit encryption of my wifi so it is more than capable of tethering to a much stronger tethering signal. Though I suspect that the NSA and other security bodies would hate it if everyone had such powerful encryption for tethering. Maybe all phones have similarly weak basic tethering?


Sent from my iPad using Tapatalk.
Author:  jonbwfc [ Tue Jun 18, 2013 11:01 pm ]
Post subject:  Re: tethered iPhones easily crackable
Amnesia10 wrote:
With the computing power of phones and anything that they are tethered to why can't they have much tougher encryption?

The encryption is only ever as good as the password. And with something like this, you've got the conflict between a long, secure password and a password people can actually remember/transcribe successfully between the phone screen and the input field on whatever device they want to tether. Remember if nothing else it's got to fit on the phone screen for people to read it, so 128 character passwords are basically out for a start.

They could make it a less consistent pattern, that would help, but they're never going to be able to make the password 'secure'. You could make it secure, but that would also make it basically useless.

Also, remember, this won't actually get you any data that's on the phone. What's being 'cracked' here isn't actually the phone at all, it's the wifi network the phone is broadcasting. Being on that wifi network possibly helps with cracking the phone, but it's by no means trivial to do from there. It's like someone having the IP address of your home PC - it's a first step, but it's not the whole job.

It's a valid complaint from a security perspective but, in fact, I'm not sure it's anything to panic over. Until someone proves you can actually access the phone's flash RAM using the tethered wifi after breaking the password, all it allows someone to do is steal a bit of your 3G/4G data cap.
Author:  Amnesia10 [ Tue Jun 18, 2013 11:38 pm ]
Post subject:  tethered iPhones easily crackable
I fully appreciate the limitations of users being able to remember passwords. Mine is copied and pasted into the relevant fields and even for the rare occasion that I actually have to type in the password I use the password manager on the computer to help me. In the case of tethering you set the phone as the hotspot and then pair the device. It has been ages since I set the two devices up so cannot remember how I actually did it. A safer way of pairing might actually use three sets of 4 digit numbers to verify the device. That reduces the pairing risks significantly, though if the hotspot password is short then it only makes cracking easy.

As for the real risk I agree it is minimal. My phone is rarely tethered but I have the facility if necessary.

Sent from my iPad using Tapatalk.
Author:  bobbdobbs [ Wed Jun 19, 2013 5:39 am ]
Post subject: 
Once the password has been cracked, the operator can piggyback on the hotspot's bandwidth, stage a man-in-the-middle attack for eavesdropping, and get access to files stored on the device. Jailbroken iPhones are extra risky since they could allow access to the basic iPhone system services code

Sent from my GT-I9505 using Tapatalk 4 Beta
Author:  jonbwfc [ Wed Jun 19, 2013 6:25 am ]
Post subject:  Re:
bobbdobbs wrote:
and get access to files stored on the device.

How?

bobbdobbs wrote:
Jailbroken iPhones are extra risky since they could allow access to the basic iPhone system services code

If you jailbreak your phone you accept that you're intentionally compromising it's security.
Author:  Amnesia10 [ Wed Jun 19, 2013 9:10 am ]
Post subject:  Re:
bobbdobbs wrote:
Jailbroken iPhones are extra risky since they could allow access to the basic iPhone system services code

Sent from my GT-I9505 using Tapatalk 4 Beta

It is one reason why I have not bothered jailbreaking my iPhone or iPad.
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/