German researchers say that they have found a way to steal passwords stored on a locked Apple iPhone in just six minutes.
And they can do it it without cracking the iPhone’s passcode.
Researchers from the Fraunhofer Institute Secure Information Technology (Fraunhofer SIT) say that the attack targets Apple’s password management system – known as the keychain.
Here’s a YouTube video where the German researchers demonstrate their attack in action:
The only hint of a silver lining is that the attack can not be done remotely – the attackers need physical access to your iPhone to steal information.
But if the attacker only needs to have his hands on your iPhone for six minutes, how much of a comfort is this really? Don’t forget, it’s not unusual for people to lose their mobile phones or leave them unattended on their desk while they pop off to the coffee machine.
According to material published by Fraunhover Insitute SIT, sensitive password information can be extracted from a user’s iPhone without needing to know the passcode.
The researchers claim that all iPhone and iPad devices containing the latest firmware are vulnerable. At a time when Apple and its fans are pushing hard for more companies to bring iPhones into the enterprise there will undoubtedly be concerns if these vulnerability claims are found to be true.
All eyes must now turn to Cupertino to see what Apple has to say about this.
Related Posts
- How to hack iPhone password in just 6 minutes?
Lost your iPhone? Got it password protected? It may not be enough to stop hackers. Researchers in Germany have discovered a way to get inside the iPhone in just six minutes--without using a password... - iPhone Safer from Hackers than Android (PC World)
PC World - Android-based smartphones are more vulnerable to attacks by hackers and electronic viruses than the iPhone, according to the chairman of the world's largest provider of security software f... - Facebook Scam: ‘Wired News: iPhone 5 – First Exposure’ leads to Adware
From likejacking to photo-tagging, Facebook scammers are constantly searching for new ways to get their scam campaigns to spread through the social network. Early this weekend, we observed a new type ... - The New York Yankees and DSLReports.com responsible for 30,000 more data loss victims
This message may repeat. This message may repeat. For those of us old enough to have fond memories of the phonograph, the phrase "broken record" may come to mind.Yes, more user information has been le... - Will Mobile Apps be the Achilles’ Heel of Web Security?
Inspired by a post yesterday from Alasdair Allan and Pete Warden discussing how the iPhone records and stores geo-location data, I decided to poke around to see what other interesting security is... - iPhone Tracking
Some time ago, a security researcher, Alex Levinson, found out the iPhone was keeping a SQLite database of the iPhone’s location (wifi-based location, cell-based or GPS) and a few other informat... - Actually, iPhone sends your location to Apple twice a day
Forensic researcher Alex Levinson has discovered a way to map out where an iPhone has been. The information comes from a location cache file found on an iPhone (Library/Caches/locationd/consolidated.d... - Your iPhone keeps an unencrypted record of your movements
If you are are owner of an iPhone or a 3G iPad, you'll probably want to know that your location - along with a timestamp - is at all times recorded by the device and stored into a file called "consoli... - Lab Matters – Malware in Spam Messages
Head of Content Analysis and Research Darya Gudkova joins Ryan Naraine on this episode of Lab Matters to talk about the use of spam e-mails to launch malware attacks.... - “The Hottest & Funniest Golf Course Video” scam has more than 200,000 likes on Facebook
Right now there's a scam making its way across Facebook linking to a video titled "The Hottest & Funniest Golf Course Video - LOL" (example screen shot below). Websense customers are...
Posted on 11 February 2011. Tags: from, iPhone, locked, passwords, steal, Video
