Apple's hotspot security is easily broken

Stefan Mileschin · 21st June 2013, 07:48

German security experts say that Apple's much touted mobile security system is rubbish and can be broken in under a minute.

On the iPhone or iPad, iOS users have the option of using an automatically generated password for their personal hotspots, which Apple implemented to provide all users with a secure password option.

But researchers at Germany's University of Erlangen say that the way that the keys are generated, which uses a combination of a short English word along with random numbers, is too predictable.

Apparently Apple, in its wisdom, used a word list that contained only 52,500 entries. This meant cracking the hotspot took almost 50 minutes. After finding a wi-fi connection, the researchers used a graphics card to run through word and number combinations using an open-source Scrabble crossword game.

They then used a "cheap and cheerful" AMD Radeon HD 6990 GPU to scan through the lists. To be fair to Apple, the AMD's dual-GPU Radeon HD 6990 is the world's fastest single graphics card and has a massive price tag.

The German boffins said that their methods were very precise. And using this unofﬁcial Scrabble word list within ofﬂine dictionary attacks, they had a 100 percent success rate of cracking any arbitrary iOS hotspot default password.

To be fair to Apple it did take some processing power to crack the hotspot that quickly. They used a GPU cluster of four AMD Radeon HD 7970s, and they narrowed their iOS-generated hotspot password cracking time down to just 50 seconds.

In the paper, the team slams Apple's password generation standards, suggesting that system generated passwords be composed of random letters and numbers.

It is not clear why Apple thought it was important to create easily memorised passwords. After all, once a device has been paired the entered credentials are cached.

The researchers said that it is common sense that system-generated passwords should be reasonably long, and should use a reasonably large character set.

Hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters.

They think that Apple should be a little more like Microsoft and use default passwords that consist of eight digit numbers.

Apple users should choose to use passwords of their own creation, which should contain a sequence of random numbers and letters for enhanced security, the researchers wrote.

http://news.techeye.net/security/app...-easily-broken

21st June 2013, 07:48	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,462	Apple's hotspot security is easily broken German security experts say that Apple's much touted mobile security system is rubbish and can be broken in under a minute. On the iPhone or iPad, iOS users have the option of using an automatically generated password for their personal hotspots, which Apple implemented to provide all users with a secure password option. But researchers at Germany's University of Erlangen say that the way that the keys are generated, which uses a combination of a short English word along with random numbers, is too predictable. Apparently Apple, in its wisdom, used a word list that contained only 52,500 entries. This meant cracking the hotspot took almost 50 minutes. After finding a wi-fi connection, the researchers used a graphics card to run through word and number combinations using an open-source Scrabble crossword game. They then used a "cheap and cheerful" AMD Radeon HD 6990 GPU to scan through the lists. To be fair to Apple, the AMD's dual-GPU Radeon HD 6990 is the world's fastest single graphics card and has a massive price tag. The German boffins said that their methods were very precise. And using this unofﬁcial Scrabble word list within ofﬂine dictionary attacks, they had a 100 percent success rate of cracking any arbitrary iOS hotspot default password. To be fair to Apple it did take some processing power to crack the hotspot that quickly. They used a GPU cluster of four AMD Radeon HD 7970s, and they narrowed their iOS-generated hotspot password cracking time down to just 50 seconds. In the paper, the team slams Apple's password generation standards, suggesting that system generated passwords be composed of random letters and numbers. It is not clear why Apple thought it was important to create easily memorised passwords. After all, once a device has been paired the entered credentials are cached. The researchers said that it is common sense that system-generated passwords should be reasonably long, and should use a reasonably large character set. Hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters. They think that Apple should be a little more like Microsoft and use default passwords that consist of eight digit numbers. Apple users should choose to use passwords of their own creation, which should contain a sequence of random numbers and letters for enhanced security, the researchers wrote. http://news.techeye.net/security/app...-easily-broken

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Apple demos 'Activation Lock' security feature in iOS 7	Stefan Mileschin	WebNews	0	11th June 2013 08:14
Apple's security improvements eaten by bug	Stefan Mileschin	WebNews	0	28th March 2013 06:47
Apple security software reveals Windows passwords	Stefan Mileschin	WebNews	0	15th October 2012 07:32
Apple Invites Kaspersky to Improve OS X Security	Stefan Mileschin	WebNews	0	15th May 2012 06:57
Apple 10 Years Behind Microsoft on Security: Kaspersky Lab	Stefan Mileschin	WebNews	0	27th April 2012 08:17
Apple shows it hasn't a clue about security	Stefan Mileschin	WebNews	0	11th April 2012 08:43
Apple's Siri broken	Stefan Mileschin	WebNews	0	7th November 2011 13:24
WEP security totally broken	jmke	WebNews	0	4th April 2007 12:37
Wi-Fi Hotspot Security Tips	jmke	WebNews	0	21st February 2006 11:00
Wi-Fi Hotspot Security Tips	jmke	WebNews	0	17th February 2005 10:19