Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Researchers Crack iOS-Generated Hotspot Passwords in 50 Seconds

Huge example of the benefits of Open CL for high end GPU's for serious data crunching I'd say!

When it comes to Mobile Hotspot tethering, I don't use it very often despite having unlimited usage with my carrier plan. The first thing I had changed was the default password to only data I could recall.

I wonder when or if the MacBook Air will gain a nano SIM slot as it seems the most logical of Apple notebooks to have a WWAN option over 3G or LTE service much like the iPad with various wireless carrier options to choose from.

That being said though even with a strong 4G signal on my T-Mobile iPhone 5, it still remains faster than many DSL open networks often found in coffee houses aside from Starbucks. I could only imagine the madness if I had LTE in my area. For now, I get by with a steady 18Mb connection. :)


Couple typos squashed.
 
Last edited:
MaxxTraxx said:
I can imagine folks just roaming airports with these AMD systems looking for iPhone passwords.
Click to expand...

Which iPhone password ? It's a specific wifi sharing password which means nothing.

That's hilarious how news are coming now: Apple sucks because iPhones are bad firewall / router now. Just as it was the main purpose...

Nothing is never enough to **** on Apple it seems
 
35ywzp.jpg


This feels like one of those cases where absolute technical correctness doesn't factor in real-world use. That the default password is even vaguely secure is a win, given if Apple generates one that is too random, people will simply overwrite it with the aforementioned "password" or "12345". The expectation that you never need to know it again after you've entered it once is also not real-world accurate. My (Wi-Fi) iPad knows my iPhone's AirPort Hotspot password, but my mother's iPad, father's iPad, niece's iPod touch and my MBP do not. And I know a bunch of other people with Apple and non-Apple devices that could potentially use it. And since I have to give them the password and I have to turn it on before it does anything, I'll know who should be using it. We keep hearing about social engineering being a major factor in security - coupled with active connection indicator, this appears to be one case where Apple seems to have made a reasonable compromise. That's not to say that the default password couldn't stand to be more secure, but by the same token, the most secure Wi-Fi Hotspot in the world is the one that doesn't accept any connections whatsoever. Because it's turned off. You want to 100% protect your computer or your mobile device from external hacking? Turn it off and unplug every cable/connection. Hope you enjoy (not) using it in that state.
 
Last edited:
A single word is a bit of a security blunder; they could just as easily use four words, each with a random number, separated by hyphens. It's still not exactly secure, but for an ad-hoc hotspot it's orders of magnitude better, and should be more than sufficient.

However, really they should enable the iPhone to receive connections via WPS; this way you can generate the most complex password possible and the user just needs to touch two buttons to connect. Using WPA2 would obviously help as well.


I dunno, they talk about how using a string of random letters and numbers is better, and while that's what I use for my home router, it's a huge pain to enter into mobile devices. Even if I were to disable special symbols (which are the worst to enter since you have to do lots of pressing and holding or keyboard switching) then a long letters and numbers password is still very easy to make mistakes with.

Give WPS hot-spot connection and massive, utterly random passwords will be ideal.
 
To solve your issues, why not tether with a USB cable and cure the security headaches along with getting some battery charge back into your iPhone?
 
So does the iPhone have enough processing power to constantly check all of these password attempts? Wouldn't any device just stop you from attempting after a few dozen or a few hundred rapid incorrect attempts?
 
ziggyonice said:
This does not appear to be an issue in iOS 7.

The passwords generated in the beta are not based on dictionary words and are considerably more randomized.
Click to expand...

Came here to ask that. I was concerned that if I started to use the new iCloud keychain, if this Apple-generated password is so easy to crack, then what about the new ones? Seems I need not wory then, which is a relief. :)
 
elpamyelhsa said:
If you are talking about your iPhone lock password, you can change it to alpha-numerical password of any length. Goto Settings > Passcode Lock > Simple Password = Off
Click to expand...

What this guy said. Plus if you only pick numbers from the Kboard, when ios asks for a passcode it'll still bring up the number board.
 
So I have to stop seeing my beloved p0rn at starbucks so I don't have to share it with a hacker? What a sad day :(
 
jent said:
So does the iPhone have enough processing power to constantly check all of these password attempts? Wouldn't any device just stop you from attempting after a few dozen or a few hundred rapid incorrect attempts?
Click to expand...

You can capture traffic from the encrypted WPA network and decode it locally using your 52,000 word dictionary then you will know for next time they enable their hotspot. But this is nothing new, this can be the same for any wireless network.
 
in one word: Parallelism

GPUs (especially AMDs) have a LOT (thousands) of simple parallel cores, while CPUs have just a few (4 or 6 normally) very complex cores.

ChrisA said:
GPUs are designed to operated on MANY thousands of identical objects simultaneously. For example to move al the vectors that make up some wire frame.

Or more simply the GPU can try many guesses all at the time time whee as the CPU has to make guesses one by one. The GPU can be thousands of times faster as very simple receptive tasks but is harder to program
Click to expand...

fivedots said:
Genuinely curious: What is the advantage of using a GPU for this type of processing vs. standard CPU processing?
Click to expand...
 
well...

If you run your iOS device as a hotspot, you're away from a wire to the Internet, and away from public wi-fi. You're also moving, quite frequently. I'd personally put this crack at a lower level of priority than usual. But still, Apple, get a better padlock.

But seriously, the real problem is this whole password system, which stinks to high heaven.
 
Swift said:
If you run your iOS device as a hotspot, you're away from a wire to the Internet, and away from public wi-fi. You're also moving, quite frequently. I'd personally put this crack at a lower level of priority than usual. But still, Apple, get a better padlock.

But seriously, the real problem is this whole password system, which stinks to high heaven.
Click to expand...

How secure is the connection when you tether an iPad to an iPhone via Bluetooth?

Anyway, I was serious above about my hotspot password, namely because I'm not too concerned, as others have mentioned. When I use tethering, it's for very short periods of time only, and usually in a spot I won't be sitting still in for long (or outright constantly moving, like on a bus or car).
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back