Researchers Find Hacking Any iPhone And Stealing All Passwords Takes Just Six Minutes

By

iphone

If you lose your iPhone, you’ve got a lot more to worry about than just having to buy a new phone or restore your contacts. German experts have just demonstrated that bypassing the security passcodes and gaining access to the iOS keychain on any iPhone is just a matter of six minutes.

The good news is that the hack, which is simple, still requires the hacker to have physical possession of your phone: it can’t be performed by remote tunneling through WiFi, 3G or Bluetooth. Once the iPhone is in a hacker’s possession, though, they simply jailbreak the handset, install an SSH server and then uses a Keychain script to slurp out your passwords.

The common sense advice of the researchers who discovered the hack is that all passwords should be changed immediately following the loss or theft of a handset… but that’s true with any lost gadget.

Additionally, you can use the excellent Find-my-iPhone service to try remotely disabling your iPhone if you lose it, although that’s obviously a matter of beating the thief to a computer before he can jailbreak your phone.

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.