At last count, all of the jailbreaks require either a) restoring the device from a custom IPSW, which will wipe the contents of the phone or b) for the JailbreakMe.com one- having an unlocked phone to use to visit the website.

So, unless they've also stolen your computer that they can use to restore the device from a previous backup after they jailbreak the iPhone, if you have a passcode lock it sounds like you should be fine...

Right?

I was reading this trying to decide if there's some way to jailbreak a phone without knowing the phone's pass code.

There's still not, right?

So this really isn't an actual thing at all, is it? It's just like an example, really, but not a real thing, right?
 
Not true. I have an admin account password and firmware password on my laptop, and as long as my password is strong enough nobody can access anything on my MacBook.

Can't they take out the hard drive, attach it to another computer, then start reading the data? Your laptop password only prevents your *laptop* from starting up, it doesn't lock down the hard drive, does it?

Anyway, is this really news? iPhones have been jailbreakable since the beginning, and nobody realized this until now? That doesn't sound right...
 
The bottom line is this: ALL "smart" phones suffer from this vulnerability. It's called rooting in Android, JBing on the iPhone, etc. If they have the physical device, it's always game over, regardless of what "protection" you have on it-- it's only a matter of patience and time for them to break in through some method.

One of the best examples for Android is the vulnerability of passwords being stored on Android phones in plain text.

http://www.intomobile.com/2010/09/20/rooted-android-passwords-plain-text/

Root/Jailbreak could equal trouble on both platforms.
 
So, let me get this right. The hacker has to jailbreak my phone, load an SSH server on it and mess about with keychains and a script. Considering the iPhone is practically stapled to my body at every moment, I can't see this as being much of a security risk.

Now, I bet those guys in 'The men who stare at goats' could do it better...
...Hell, I'd better find some tin foil and make a hat for my iPhone!
 
"In a video that demonstrates the attack, the researchers first jailbreak the phone..."


Moving on...

A monkey could jailbreak, it's that easy. This could potentially be an issue, especially if you don't realize that your phone has been stolen or lost.
 
At last count, all of the jailbreaks require either a) restoring the device from a custom IPSW, which will wipe the contents of the phone or b) for the JailbreakMe.com one- having an unlocked phone to use to visit the website.

So, unless they've also stolen your computer that they can use to restore the device from a previous backup after they jailbreak the iPhone, if you have a passcode lock it sounds like you should be fine...

I think they have a workaround (a modified jailbreak) otherwise the warning would be senseless :)
 
Show me how it's done on a Blackberry, then.
What you said is pure ignorance. No, I don't have a direct example (although maybe someone will), but the point is when it comes to hacking there's ALWAYS a way in with physical control. The best Apple could do to prevent this is use an encrypted bootloader which only loads Apple-signed code. Which is exactly what Apple did, but also what this is bypassing.

Once past the bootloader it's only a matter of writing your own code to accomplish whatever you want. In this case it's retrieving passwords. Nothing new.
 
@lowbatteries: While most of your posting is one of the best comments in this thread and you are mostly right, you miss one thing:

Not true. I have an admin account password and firmware password on my laptop, and as long as my password is strong enough nobody can access anything on my MacBook.

If I have physical access to your laptop, your firmware password is of no real use. It can easily be reset.

http://tinyurl.com/6cgrnso

If you want your Mac to be secured do all:
- set a strong password
- set firmware password
- use filevault
- keep important files inside your home
- turn screensaver on and require password to end screensaver

If you're really concerned, use Full Disk Encryption with TrueCrypt or PGP.
 
Hahaha. I'm sorry, but this made me laugh.

Are you seriously running an article on this? Really? At least remove the sensationalist title-- it should include "with a jailbreak"-- you know, the vital caveat. Poor reporting IMO.

How technically inept do you have to be not to realize that yes, if you jailbreak a device, and then SSH it, you will have root access? I mean come on... the default SSH password when JBing is alpine... and sadly most people who JB don't even know what SSH is.

The bottom line is this: ALL "smart" phones suffer from this vulnerability. It's called rooting in Android, JBing on the iPhone, etc. If they have the physical device, it's always game over, regardless of what "protection" you have on it-- it's only a matter of patience and time for them to break in through some method.

Aehm, the way I read it is that they steal an unjailbroken phone, then jailbreak it.

so this flaw affects normal users with unjailbroken phones when a thief gets his hands on the phone.
 
Isn't immediately powering-down a phone something a thief does? Even one with half a brain? Isn't this taught in Smartphone Thief School on the first day?

And when they do this, there goes the findmyiphone and remote wipe. You'll then have to be on MobileMe the very same time you are logged into findmyiphone. They could do this in the very middle of the night (it just takes 6 minutes) and be done with it.
 
the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode

So... the crypto key is independent of your password and possibly the same for every phone of the same type? That's just wrong. Especially since a lot of iPhone users know how to jailbreak an iPhone and google really helps if you're new to it.
 
When in doubt, remote wipe.

exactly

sorry but this is a ridiculous "vulnerability"

sure it needs to be addressed, but the title of the article and what we're really seeing aren't exactly the same thing, kind of over dramatic don't you think?
 
They use their own or a modified jailbreak for sure.

Jailbreaks that don't require a restore have been around for some time. Blackra1n, Purplera1n, Limera1n, Redsn0w, Greenpois0n... They all jailbreak your iDevice without disturbing the data that's already on it.
 
At last count, all of the jailbreaks require either a) restoring the device from a custom IPSW, which will wipe the contents of the phone or b) for the JailbreakMe.com one- having an unlocked phone to use to visit the website.

So, unless they've also stolen your computer that they can use to restore the device from a previous backup after they jailbreak the iPhone, if you have a passcode lock it sounds like you should be fine...

What? That's not true at all. I used the greenpois0n jailbreak method 2 days ago on my new Verizon iPhone, and once it was finished rebooting, EVERYTHING was exactly the same - all of my apps, settings, etc. The only difference was that I now had the "Loader" app, which I then used to install Cydia. No wipe at all.
 
no, no. The researchers ostensibly took a "stolen" phone and then jailbroke it as part of their technique. They're reporting a vulnerability that affects non-jailbroken phones.

No, this is NOT a non-jail broken phone vulnerability. Seeing as it requires SSH which is not there without a jailbreak.

Keep your FUD to yourself.

Considering the jailbreak is the first part of the technique, and nothing else is possible without said jailbreak, it is 100% a jail broken phone exploit.

Suggesting anything else is just semantics really.
 
Not true. I have an admin account password and firmware password on my laptop, and as long as my password is strong enough nobody can access anything on my MacBook.

Unless you are using a fully hardware encrypted hard drive, setting the open firmware (EFI) password on your Mac will do nothing to protect your data if someone has physical access to your machine. It's very simple to open your MacBook, remove the drive, and read the data from another machine. The only ways to truly protect your data from someone with physical access are through third party hard drive encryption, or by using FileVault or some other encrypted disk image software to keep your data in.
 
- use filevault
[...]
If you're really concerned, use Full Disk Encryption with TrueCrypt or PGP.

Actually, avoid FileVault. It only encrypts your home folder and is rather unstable and occasionally corrupts your whole home folder and Time Machine backups.

PGP and TrueCrypt work well though.

I keep my secret stuff in a strong-password-protected disk image. Easy, fast, safe. You only have to remember to eject it when you leave your computer unattended.
 
So, if you are running the latest iOS version you can't steal anything since you have to jailbreak first, and to jailbreak you have to erase the phone's memory... and if you are already jailbroken, I assume you changed the root password if you are really worried about your data getting stolen...

Am I missing anything? :confused:
 
Foolishness. This is as improbable as President Obama tripping over his shoelaces and breaking his fall by landing on "THE BUTTON" and destroying planet earth. Too many factors that aren't common happenings.
 
Another reason for me to remote-wipe my iPhone if it vanishes! And then when I find it, I just restore from the latest backup.

Still, you can’t get that info from a Mac’s keychain without the master password, so I’d hope the same could be true of an iPhone—at least, if you set an unlock passcode. They could use your 4 digit code as (part of) the keychain encryption.

It takes 2 seconds to eject your sim .. thereby preventing remote wipes and tracking.

And we'd like to take this opportunity to thank MacRumors for broadcasting this information to an even larger audience of morons who will take advantage of this opportunity.

No really, thanks very much!

This seems counterintuitive but the more exploits are publicly exposed the safer a platform becomes.

http://en.wikipedia.org/wiki/Security_through_obscurity

It is actually very much better for you that this was published.
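
Added example (not part of the thread, and not Apple's implementation): a simplified model of the point quoted above that the key is "independent of the passcode", next to the suggestion in the post above that the passcode could be part of the keychain encryption. `DEVICE_UID`, the toy HMAC-based wrap and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for per-device key material (assumption, not a real value).
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")

def device_only_key(uid: bytes) -> bytes:
    """Key derived only from material on the device (the design the article describes)."""
    return hmac.new(uid, b"keychain", hashlib.sha256).digest()

def passcode_entangled_key(uid: bytes, passcode: str, iterations: int = 50_000) -> bytes:
    """Key that also needs the passcode (the design suggested in the thread)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations)

def seal(key: bytes, secret: bytes) -> bytes:
    """Toy authenticated wrap built from HMAC (stdlib only; illustration, not production crypto)."""
    if len(secret) > 32:
        raise ValueError("toy wrap handles at most 32 bytes")
    nonce = os.urandom(16)
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the secret, or None when the key is wrong (tag mismatch)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def read_without_passcode(blob: bytes, uid: bytes):
    """Models code running on the device: it can use the device key, not the passcode."""
    return unseal(device_only_key(uid), blob)

if __name__ == "__main__":
    secret = b"constructed-wifi-key"
    item_a = seal(device_only_key(DEVICE_UID), secret)
    item_b = seal(passcode_entangled_key(DEVICE_UID, "4821"), secret)
    print(read_without_passcode(item_a, DEVICE_UID))   # b'constructed-wifi-key'
    print(read_without_passcode(item_b, DEVICE_UID))   # None
    # A 4-digit passcode is only 10,000 candidates, so the entangled design
    # depends on a slow derivation that can only be run on the device itself.
```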
 