Researchers able to predict iOS-generated hotspot passwords in less than a minute
Anyone who's tried to tether to their iPhone or iPad will recall how iOS manages to craft its own passwords when used as a personal hotspot. The aim is to ensure that anyone sharing a data connection will get some degree of security, regardless of whether or not they tinker with the password themselves. However, three researchers from FAU in Germany have now worked the structure behind these auto-generated keys -- a combination of a short English word and a series or random numbers -- and managed to crack that hotspot protection in under a minute. To start, the word list contains about 52,500 entries, and once the testers were able to capture a WiFi connection, they used an AMD Radeon HD 6990 GPU to cycle through all those words with number codes, taking just under 50 minutes to crack with rote entry. Following that, they realized that only a small subset (just 1,842) of the word list was being used.
With an even faster GPU -- a cluster of four AMD Radeon HD 7970s -- they got the hotspot password cracking time to 50 seconds. The Friedrich-Alexander University researchers added that unscrupulous types could use comparable processing power through cloud computing. "System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters," says the report, which outlines the trade-off between security and usability. However, as ZDNet notes, Apple's cycled password approach still offers more protection than static options found elsewhere. Check out the full paper at the source.