Forgot your password?
typodupeerror
IOS Security

Researchers Crack iOS Mobile Hotspot Passwords In Less Than a Minute 49

Posted by Soulskill
from the algorithm-to-guess-your-cat's-name dept.
msm1267 writes "Business travelers who tether their iPhones as mobile hotspots beware. Researchers at the University of Erlanger-Nuremberg in Germany have discovered a weakness in the way iOS generates default passwords for such connections that can leave a user's device vulnerable to man-in-the-middle attacks, information leakage or abuse of the user's Internet connection. Andreas Kurtz, Felix Freiling and Daniel Metz published a paper (PDF) that describes the inner workings of how an attacker can exploit the PSK (pre-shared key) authentication iOS uses to establish a secure WPA2 connection when using the Apple smartphone as a hotspot. The researchers said that attackers would find the least resistance attacking the PSK setup rather than trying their hand at beating the operating system's complex programming layers."
This discussion has been archived. No new comments can be posted.

Researchers Crack iOS Mobile Hotspot Passwords In Less Than a Minute

Comments Filter:
  • by Major Ralph (2711189) on Wednesday June 19, 2013 @03:53PM (#44053393)

    abuse of the user's Internet connection

    I abuse my internet on a daily basis.

  • by Cajun Hell (725246) on Wednesday June 19, 2013 @06:12PM (#44054769) Homepage Journal

    ..in iOS 6 for example, the operating system proposes four-to-six-character passwords generated from a default list of 1,842 words and then tags on a random four-digit number.

    I think I can explain what happened.

    First of all, this story is a dupe. It originally ran on April 1st, 1990. At the time, the story was about "System 6" but some recent tech media editor thought that meant "iOS 6" (I'll explain how the mistake happened, below). That explains the pre-mass-mainstream approach to passwords.

    Secondly, even the 1990 story was a hoax. By the standards of the day, that was still such a stupid way to generate passwords, that no one would do it.

    Third, the story was written by a guy who turned out to be working at Microsoft. The whole point of the hoax was to make the Newton tablet look stupid, a mis-engineered travesty designed by utterly clueless morons. The 2013 tech media editor saw "Newton" and knew that couldn't be right, which is how it became iOS. Newtons didn't really run System 6, but the original Microsoft author didn't know that.

    In short, this is about stupidity that is so stupid, that people didn't do things that stupidly, even back when your mother hadn't heard of the Internet yet.

    Just kidding. It's a modern story, but I just wanted to point out that even the most absurd bend-over-backward-to-rationalize-things explanation for behavior this stupid, still isn't very convincing. No field can distort reality to the required degree.

Slowly and surely the unix crept up on the Nintendo user ...

Working...