German scientists mine passwords from jailbroken iPhone in 6 seconds


Jailbreakers, do you remember the SSH vulnerability with the default root password (“alpine”), and how people were able to tunnel into your phone with it? If you were smart, you changed that default password and closed that door. Now German researchers have published a new attack, and once again SSH access is the way in. They managed to extract the saved passwords from a locked, jailbroken iPhone without cracking the passcode at all.

Luckily, this isn’t one of those remote hacks. The attacker has to have the phone in hand in order to tap into Keychain, Apple’s password management system. Keychain stores a variety of login info, for things like FTP servers, SSH accounts, network shares, wireless networks and groupware applications. Leaking those credentials compromises the phone itself (they can open up other parts of the iOS file system) and, beyond it, every network and service the iPhone logs into with them.

To make this work, the iPhone must be jailbroken with an SSH server installed on it. The attacker logs in over SSH, copies a script onto the phone and runs it; the script calls the system’s own keychain functions to read the stored items and export them.

The German researchers explain:

The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode.

It might sound involved, but in reality the whole run took only 6 seconds. Check out the video and see for yourself.
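To see why the passcode never enters into it, here is a small model of the property the researchers describe, written for this post rather than taken from their script or from Apple’s code. The device key, the sample keychain entries, the KDF parameters and the toy cipher are all constructed for the demo. The point is the contrast between an item wrapped with a key derived only from device material (readable by any code that runs on the device, locked or not) and one whose key is entangled with the passcode (which forces a guess-by-guess attack):

```python
"""Toy model of the property the researchers describe: a keychain item wrapped
with a key derived only from device material is readable by anyone who can run
code on the device, passcode or not, while an item whose key is entangled with
the passcode is not.

Added illustration, not the researchers' script or Apple's key hierarchy.
DEVICE_UID, the item list, the KDF parameters and the toy cipher are all
constructed for the demo.
"""
import hashlib
import hmac
import itertools
import os

# Constructed stand-in for the device-unique key material. On a real device the
# attacker never reads it directly; they get code running on the device that
# can *use* it, which for this model amounts to the same thing.
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")

# Deliberately low so the brute-force loop below finishes in well under a
# second; a real derivation is far more expensive per guess.
KDF_ITERATIONS = 200


def device_only_key(uid: bytes) -> bytes:
    """Class key that depends on the device alone: the weak design."""
    return hashlib.sha256(b"device-only-class|" + uid).digest()


def passcode_key(uid: bytes, passcode: str) -> bytes:
    """Class key entangled with the passcode: the attacker has to guess it."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, KDF_ITERATIONS)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC counter-mode keystream: a toy stream cipher, not for production use.
    out = b""
    for ctr in itertools.count():
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        if len(out) >= length:
            return out[:length]


def wrap(key: bytes, secret: bytes) -> dict:
    """Encrypt-then-MAC so that unwrap() can tell a wrong key from a right one."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unwrap(key: bytes, item: dict):
    """Return the secret, or None when the key is wrong (tag mismatch)."""
    expect = hmac.new(key, item["nonce"] + item["ct"], "sha256").digest()
    if not hmac.compare_digest(expect, item["tag"]):
        return None
    ks = _keystream(key, item["nonce"], len(item["ct"]))
    return bytes(a ^ b for a, b in zip(item["ct"], ks))


def build_keychain(uid: bytes, passcode: str) -> list:
    """Constructed sample keychain with the kinds of entries the article lists."""
    return [
        {"service": "wifi:HomeNet", "protection": "device",
         "item": wrap(device_only_key(uid), b"wifi-psk-example")},
        {"service": "vpn:corp", "protection": "device",
         "item": wrap(device_only_key(uid), b"vpn-secret-example")},
        {"service": "exchange:mail", "protection": "passcode",
         "item": wrap(passcode_key(uid, passcode), b"mail-password-example")},
    ]


def dump_without_passcode(keychain: list, uid: bytes) -> dict:
    """What code running on the locked device recovers with no passcode.

    The attacker ignores the 'protection' label and simply tries the
    device-only key on every item; whatever unwraps is theirs.
    """
    recovered = {}
    for entry in keychain:
        secret = unwrap(device_only_key(uid), entry["item"])
        if secret is not None:
            recovered[entry["service"]] = secret.decode()
    return recovered


def brute_force_passcode(item: dict, uid: bytes, digits: int = 4):
    """Try every numeric passcode; returns (passcode, secret) or None."""
    for n in range(10 ** digits):
        guess = str(n).zfill(digits)
        secret = unwrap(passcode_key(uid, guess), item)
        if secret is not None:
            return guess, secret.decode()
    return None


if __name__ == "__main__":
    kc = build_keychain(DEVICE_UID, "1234")
    print("no passcode needed:", dump_without_passcode(kc, DEVICE_UID))
    print("passcode-entangled item needs a guess:",
          brute_force_passcode(kc[2]["item"], DEVICE_UID))
```

Run it and the first line lists the WiFi and VPN secrets recovered with no passcode at all, which is exactly the situation the article describes. The Exchange entry only falls to the brute-force loop, and the cost of that loop is what a real, far more expensive per-guess derivation exists to raise.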

Thankfully it can’t reach all of the phone’s data, only the passwords stored in Keychain, but that’s still bad enough. Think about it: would you want anyone else holding the credentials for your MS Exchange email account, LDAP accounts, voicemail, VPN and WiFi, plus the passwords of select apps? The thought is a little frightening. Unfortunately, there’s no fix for this yet.

But if you’ve lost an iDevice, take this as a warning: You may want to change those passwords as fast as you can.

Via: ComputerWorldUK, RedmondPie



Kind of wonder why German scientists are so free as to fish passwords from a jailbroken iPhone, as if they have nothing better to do; no need to wonder why the world is in such bad shape.

If it were an Android phone, all you would need is a free pirated app and all your info would rest with some Russian or Chinese hacker. You wouldn't know it until you got the $1000 bill for purchasing four iPhones on the black market.

"take this as a warning: You may want to change those passwords" Or just not jailbreak it (Eye roll)

If it were lost or stolen it could be easily jailbroken.

What if your SSH is turned off? They wouldn't be able to retrieve my passwords then right?