Hack Decyphers iPhone, iPad, or iPod Passwords
The hack requires jail breaking and installing SSH on the iPhone or iPad and was done to target Keychain, Apple’s password-management system. The team uncovered that the secret password encryption is based on the device operating system default password and they explained it on a research paper they published. See below. This means any one with access to the device can create keys from it without having to hack the encrypted and secret passcode.
“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” said the researchers in a statement. Among the passwords that can be obtained from the devices are those for Gmail and all other mail and LDAP accounts, as well as VPN passwords, voicemail and WiFi passwords, plus some app passwords that store their information locally on the device.
Here is the steps on what to do.
1. Jailbreak the device
2. Get access to the file system
3. Copy the scripts to the device (provided by Fraunhofer team)
4. Execute the scripts
5. All your secrets are revealed
Since the default login/password combination for all iPhone/iPad is widely known – namely root/alpine and mobile/alpine, anyone could essentially pick up the device and have unrestricted access to it.
Therefore, one of the best way to ensure that your device is not compromised, if you lose it, is to changed the default password using an ssh terminal app.
Read their press release.