Researchers Demonstrate Vulnerability Allowing Theft of iPhone Passwords


IDG News Service reports that German researchers have demonstrated how a knowledgeable thief could bypass the iPhone's passcode locking to upload a script capable of revealing entries from the device's password keychain system, potentially giving the hacker access to sensitive passwords stored on the device.

In a video that demonstrates the attack, the researchers first jailbreak the phone using existing software tools. They then install an SSH server on the iPhone that allows software to be run on the phone.

The third step is to copy a keychain access script to the phone. The script uses system functions already in the phone to access the keychain entries and, as a final step, outputs the account details it discovers to the attacker.

The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.

According to the report, the researchers were able to obtain passwords for Gmail accounts, Microsoft Exchange accounts, voicemail access, VPN and Wi-Fi network passwords, as well as passwords for some applications.

The researchers note that gaining access to an email password makes it easy for hackers to then reset passwords for other types of accounts, while compromised passwords for corporate networks can obviously result in security issues for businesses.

The exploit obviously requires a fair amount of technical knowledge, and thus shouldn't be an issue for the vast majority of users whose devices become lost or stolen. But the exploit could be used in targeted attacks by those specifically seeking to gain access to sensitive systems.

Related Forum: iPhone

Popular Stories

Generic iOS 18

iOS 18.3 Coming Soon: Here's What's New

Monday January 13, 2025 5:33 am PST by
iOS 18.3 is currently in beta for developers and public beta testers. So far, the upcoming iPhone software update is very minor in scope. Below, we outline what is new in iOS 18.3 so far. The only potential new feature coming to iPhones with iOS 18.3 so far is robot vacuum support in the Home app, but this functionality is not yet live. Apple is laying the groundwork for the feature,...
new magsafe charger

Apple Releases Updated MagSafe Charger Firmware

Tuesday January 14, 2025 11:30 am PST by
Apple today released new firmware designed for the 25W MagSafe Charger that is compatible with the iPhone 12 and later and the latest AirPods and Apple Watch models. The updated firmware is version 2A143, up from the 2A138 firmware that the accessory shipped with. In the Settings app, you'll see a different version number than the internal firmware number. The 2024 MagSafe charger was...
iPhone 17 Slim Feature Single Camera 1 Redux

'iPhone 17 Air' Launching Later This Year With These 10 New Features

Wednesday January 15, 2025 7:16 am PST by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the "ultra-thin" device. Overall, the "iPhone 17 Air" is shaping up to be a mixed bag. Due to its thinness, the device is expected to have some limited specifications compared to the iPhone 17 Pro models, including only a single rear camera, only a single speaker, no SIM...
iPhone 17 Pro Dual Tone Feature 1

iPhone 17 Pro Launching Later This Year With These 8 New Features

Thursday January 9, 2025 5:45 am PST by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro concept based on rumors Below, we recap key changes rumored for the iPhone 17 Pro models as of January 2025: More aluminum: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models ...
HomePod mini and Apple TV

HomePod Mini 2 and New Apple TV Launch Timeframe Narrowed Down

Sunday January 12, 2025 4:11 pm PST by
Bloomberg's Mark Gurman recently reported that Apple plans to release new HomePod mini and Apple TV models this year, and now he has provided a more precise timeframe. In his Power On newsletter today, Gurman said Apple is currently aiming to launch the new HomePod mini and Apple TV models "toward the end of the year." That timeframe suggests the devices will be released at some point...
severance new york promo 1

Apple Promotes Severance Season 2 Premiere With Lumon Industries Pop-Up and Visits From Actors

Tuesday January 14, 2025 3:47 pm PST by
Ahead of the season two premiere of hit TV show Severance, Apple is marketing the show with a fun Severance pop-up at the Grand Central Terminal in New York City. Apple has assembled a glass cube with workstations that are identical to the setups that Lumon employees use on the show, complete with employees "working," doing yoga, playing catch, throwing paper airplanes, sipping coffee, and...
airpods pro 2 gradient

AirPods Pro 3 Expected This Year: Here's What We Know

Wednesday January 8, 2025 7:05 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
General Apps Messages Redux

Phishing Attacks Use This Simple Trick to Defeat iPhone Message Security

Monday January 13, 2025 6:11 am PST by
A new social engineering tactic is being used by cybercriminals to trick iPhone users into disabling iMessage's built-in phishing protection, in a bid to expose them to malicious links and scams, according to BleepingComputer. The scam exploits a security feature in iMessage that automatically disables links from unknown senders. Apple told the outlet that when users reply to these messages...