Researchers Demonstrate Vulnerability Allowing Theft of iPhone Passwords
IDG News Service reports that German researchers have demonstrated how a knowledgeable thief could bypass the iPhone's passcode locking to upload a script capable of revealing entries from the device's password keychain system, potentially giving the hacker access to sensitive passwords stored on the device.
In a video that demonstrates the attack, the researchers first jailbreak the phone using existing software tools. They then install an SSH server on the iPhone that allows software to be run on the phone.
The third step is to copy a keychain access script to the phone. The script uses system functions already in the phone to access the keychain entries and, as a final step, outputs the account details it discovers to the attacker.
The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.
According to the report, the researchers were able to obtain passwords for Gmail accounts, Microsoft Exchange accounts, voicemail access, VPN and Wi-Fi network passwords, as well as passwords for some applications.
The researchers note that gaining access to an email password makes it easy for hackers to then reset passwords for other types of accounts, while compromised passwords for corporate networks can obviously result in security issues for businesses.
The exploit obviously requires a fair amount of technical knowledge, and thus shouldn't be an issue for the vast majority of users whose devices become lost or stolen. But the exploit could be used in targeted attacks by those specifically seeking to gain access to sensitive systems.
Popular Stories
Apple is developing an all-new operating system codenamed "Charismatic," according to Bloomberg's Mark Gurman.
Apple smart home hub concept
This is likely Apple's long-rumored "homeOS" operating system.
In a report this week, Gurman said both Apple's rumored smart home hub in 2026 and tabletop robot in 2027 will run the new operating system. He said the software platform will blend...
Alleged images of the iPhone 17 Pro Max's internal design have surfaced, offering a potential look inside the device before it is announced by Apple next month.
The images were shared by the account "yeux1122" this week, in a blog post on the Korean platform Naver. The account aggregates Apple rumors and leaks, so it is likely not the original source of the images, and it is unclear if they...
Last week, Apple released and then pulled a software tool that accidentally contained identifiers for many unreleased devices and chips, according to MacRumors contributor Aaron Perris. His findings included new models of the Studio Display, Apple TV, Apple Watches, Apple Vision Pro, iPad mini, HomePod mini, and more.
Here is what was uncovered in the file, according to MacRumors contributor ...
At least one new Apple Watch model launching next year will feature a "significant redesign," according to Taiwanese supply chain publication DigiTimes.
In a paywalled report this week, citing supply chain insiders, DigiTimes claimed that a high-end 2026 Apple Watch model will feature "exterior design" changes, including but not limited to "eight sensors arranged in a ring pattern visible...
Apple made a major slip Wednesday when it accidentally included hardware identifiers in software code linking to numerous unannounced products.
The leaked information provided MacRumors with concrete evidence of Apple's hardware development across multiple product categories. Here's everything that was confirmed through the code discoveries:
New HomePod mini with updated chip – New...
The seventh developer beta of iOS 26 is now available. While we are now in the later stages of the iOS 26 beta cycle, there are still some changes.
Below, we outline everything new that we have found in iOS 26 beta 7 so far.
Redesigned Blood Oxygen Feature
The seventh developer betas of iOS 26 and watchOS 26 include a redesigned Blood Oxygen feature on Apple Watch Series 9, Apple Watch ...
An alleged iPhone 17 Pro production leak may provide a first look at the device's milled all-aluminum chassis, which this year includes the camera bump – in contrast to last year's iPhone 16 Pro model that features a glass camera module attached to an all-glass back panel.
Originally shared by leaker Majin Bu, the image below could be of a moulding, but it still lines up with rumors that...
Apple is expected to delay the launch of its base iPhone 18 model until spring 2027, marking a major shift in the company's long-established release cycle, according to South Korea's ETNews.
The report claims that Apple has informed some of its suppliers that the iPhone 18 will not be part of the September 2026 iPhone lineup. Instead, the company will unveil only higher-end models in the...
