Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Popular Discussions

    Researchers Get Access To Passwords Stored In Locked iPhone In 6 Minutes

    ^_^^_^ Posts: 4,429
    via Wordpress in iPhoneHacks.com
    imageResearchers Get Access To Passwords Stored In Locked iPhone In 6 Minutes

    PC World is reporting that some security researchers in Germany have managed to get access to passwords stored in a locked iPhone by bypassing iPhone’s passcode lock.

    The researchers have apparently used existing exploits that allows a hacker to access an iPhone’s file system even if it is locked.

    IDG reports:

    Read the full story here

    Comments

    • JohnJohn Posts: 790
      via Wordpress
      If an iphone is lost or stolen, don't bet on it being returned by the finder. Remote wipe. That's what it's there for.
    • PalPal Posts: 33
      via Wordpress
      Does this work on phones where user changed root password?
    • AndrewAndrew Posts: 168
      via Wordpress
      Thats pretty crazy **** if i must say
    • MKMK Posts: 64
      via Wordpress
      How about u jailbreak your phone and then setup a password
    • DustinDustin Posts: 116
      via Wordpress
      Well, Technically i think if you changed your password, they shouldnt be able to gain access, but im sure there is a workaround to that (Brute force password cracker). Whatever happened to the ASLR patch i had heard someone was working on? Whouldnt this have prevented them from getting the password due to the files and such being in random locations and making it harder to find? I see they used a script, im sure they had to know filename and locataions, and decrypt them.
    • DustinDustin Posts: 116
      via Wordpress
      Antid0te was the name of it...
    • BeerDoneBeerDone Posts: 15
      via Wordpress
      Looks like Apple now got something to back up their jailbreak hatred - read the first two steps.
    • fasfas Posts: 2,297
      via Wordpress
      Its sad that Apple security is going for a toss. This might delay 4.3.
    • JohnJohn Posts: 790
      via Wordpress
      It's not sad and has no bearing on 4.3. ALL devices can be broken into within minutes. Password security isn't as secure as companies lead you to think. This is nothing new. If you lose your phone, it's best to remote wipe it. I wouldn't bet on it being returned to you. Finders keepers.
    • AMAM Posts: 0
      via Wordpress
      I sent an email to the two guys who came up with this hack at the Fraunhofer Institute in Germany. I asked if changing the root password could protect a phone against this hack.Jens Heider (one of the two "hackers") responded:"Hi - no, the knowledge of the root password is not needed to perform the attack. In step 1 we set our own account."So, there you have it. Even if you have changed the root password, you are just as open for this attack.
    • brianbrian Posts: 218
      via Wordpress
      That's what I'm trying to find out too. I didn't see the exploit logging in to root but maybe I missed it.
    • stan69bstan69b Posts: 50
      via Wordpress
      Can we count on a tutorial for this ? wich version of redsn0w is he using ? and how does he install the ssh server on the iphone ? anyway it is an interesting hack , keep up the good work
    • DinoDino Posts: 16
      via Wordpress
      Remote wipe does not guarantee the security of you IDevice. If you can get access to the file system via a script then you can use data recovery software and search for the deleted data. Jonathan Zdziarski showed in one of his forensics articles how to recover deleted data. The only way to fix this is to add a new security layer that protects the kernel.
    • JohnJohn Posts: 790
      via Wordpress
      A new security layer will just get hacked. This isn't unique to the iphone. EVERY device is VERY easy to break into with physical access to it.The only way to fix this is to keep your phone safe and don't lose it. Especially if you're the type who's paranoid about your data and people using methods to recover wiped data.
    • TonyTony Posts: 145
      via Wordpress
      The remote wipe should use a shredding/bleaching process... if it doesn't it is completely useless an anything can be un-deleted until it is written over... if it is completely written over in two passes it is permanently gone, at least with any technology conceivable within the next 20 years.
    • DinoDino Posts: 16
      via Wordpress
      A new security layer will keep the sensitive information in a sandbox if you like. The isolation will make sure that anyone who isn’t supposed to have access doesn’t. The solution is simple: only the root account can access the information and only from within the OS; this means that the device needs to be booted up. The security layer will also deny impersonation of root rights for this operation. So even if the root password is known (alpine) you cannot script any operation. Please don’t curse me for what I am about to say, but Microsoft’s Windows 7 has this kind of security build in. My point is that the security logic is not something top secret. What Apple needs to do is acknowledge that their OS is not bullet proof and they need to improve the security.
    • JohnJohn Posts: 790
      via Wordpress
      I could point you to a few simple linux tools that will break windows 7 security in less than 5 mins. The whole point is, physical access. Nothing's safe if someone has physical access to it. The best security is ourselves.
    Sign In or Register to comment.