Researchers Crack iOS-Generated Hotspot Passwords in 50 Seconds

by

personalhotspotWhen tethering an iPhone or an iPad, iOS users have the option of using an automatically generated password for their personal hotspots, which Apple implemented to provide all users with a secure password option.

According to researchers at Germany's University of Erlangen (via ZDNeT), the way that the keys are generated – with a combination of a short English word along with random numbers – is predictable to the point where the researchers are able to crack the hotspot password in less than a minute.

In their paper, the three researchers detail the process that they used to figure out the weak spots in the hotspot's protection. Apple's word list uses approximately 52,500 entries, so initially, cracking the hotspot took almost 50 minutes. After finding a WiFi connection, the researchers used an AMD Radeon HD 6990 GPU to run through word and number combinations.

"This list consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password," the researchers wrote.

The team discovered that only a small set of Apple's larger word list was being used, so with GPU cluster of four AMD Radeon HD 7970s, they narrowed their iOS-generated hotspot password cracking time down to just 50 seconds. In the paper, the team goes on to criticize Apple's password generation standards, suggesting that system generated passwords be composed of random letters and numbers.

"In the context of mobile hotspots, there is no need to create easily memorizable passwords. After a device has been paired once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections," the paper states.

"System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters."

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.

To avoid a weak iPhone hotspot password, users can still choose to use passwords of their own creation, which should contain a sequence of random numbers and letters for enhanced security.

Popular Stories

iphone 16 display

iPhone 17's Scratch Resistant Anti-Reflective Display Coating Canceled

Monday April 28, 2025 12:48 pm PDT by
Apple may have canceled the super scratch resistant anti-reflective display coating that it planned to use for the iPhone 17 Pro models, according to a source with reliable information that spoke to MacRumors. Last spring, Weibo leaker Instant Digital suggested Apple was working on a new anti-reflective display layer that was more scratch resistant than the Ceramic Shield. We haven't heard...
Read Full Article114 comments
iPhone 17 Air Pastel Feature

iPhone 17 Reaches Key Milestone Ahead of Mass Production

Monday April 28, 2025 8:44 am PDT by
Apple has completed Engineering Validation Testing (EVT) for at least one iPhone 17 model, according to a paywalled preview of an upcoming DigiTimes report. iPhone 17 Air mockup based on rumored design The EVT stage involves Apple testing iPhone 17 prototypes to ensure the hardware works as expected. There are still DVT (Design Validation Test) and PVT (Production Validation Test) stages to...
Read Full Article28 comments
iphone 17 air iphone 16 pro

iPhone 17 Air USB-C Port May Have This Unusual Design Quirk

Wednesday April 30, 2025 3:59 am PDT by
Apple is preparing to launch a dramatically thinner iPhone this September, and if recent leaks are anything to go by, the so-called iPhone 17 Air could boast one of the most radical design shifts in recent years. iPhone 17 Air dummy model alongside iPhone 16 Pro (credit: AppleTrack) At just 5.5mm thick (excluding a slightly raised camera bump), the 6.6-inch iPhone 17 Air is expected to become ...
Read Full Article143 comments
Beyond iPhone 13 Better Blue

20th Anniversary iPhone Likely to Be Made in China Due to 'Extraordinarily Complex' Design

Monday April 28, 2025 4:29 am PDT by
Apple will likely manufacture its 20th anniversary iPhone models in China, despite broader efforts to shift production to India, according to Bloomberg's Mark Gurman. In 2027, Apple is planning a "major shake-up" for the iPhone lineup to mark two decades since the original model launched. Gurman's previous reporting indicates the company will introduce a foldable iPhone alongside a "bold"...
Read Full Article122 comments
apple watch ultra yellow

What's Next for the Apple Watch Ultra 3 and Apple Watch SE 3

Friday April 25, 2025 2:44 pm PDT by
This week marks the 10th anniversary of the Apple Watch, which launched on April 24, 2015. Yesterday, we recapped features rumored for the Apple Watch Series 11, but since 2015, the Apple Watch has also branched out into the Apple Watch Ultra and the Apple Watch SE, so we thought we'd take a look at what's next for those product lines, too. 2025 Apple Watch Ultra 3 Apple didn't update the...
Read Full Article65 comments
AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Tuesday April 29, 2025 1:30 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Read Full Article102 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching Later This Year With These 13 New Features

Wednesday April 23, 2025 8:31 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article
iPhone 17 Pro on Desk Feature

All iPhone 17 Models Again Rumored to Feature 12GB of RAM

Tuesday April 29, 2025 3:36 am PDT by
All upcoming iPhone 17 models will come equipped with 12GB of RAM to support Apple Intelligence, according to the Weibo-based leaker Digital Chat Station. The claim from the Chinese leaker, who has sources within Apple's supply chain, comes a few days after industry analyst Ming-Chi Kuo said that the iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max will all be equipped with 12GB of RAM. ...
Read Full Article83 comments

Top Rated Comments

cutmoney Avatar
cutmoney
155 months ago
Wow, I guess next time I setup a personal hotspot to check my email on my laptop, I'd better watch out for someone nearby with a "GPU cluster of four AMD Radeon HD 7970s". I mean seriously, who sets up a wireless hotspot on their iPhone using the password generator and then transmits some sensitive data which is at risk of (and in range of) some hacker that would have the ability (or desire) to crack their wireless hotspot security? It's hard enough to even get people to turn on any security much less worry about whether it could potentially be hacked. These "researchers" need to spend their time on something more useful.
Score: 13 Votes (Like | Disagree)
Walter White Avatar
Walter White
155 months ago
I always use my birthdate as password.
Score: 12 Votes (Like | Disagree)
kkat69 Avatar
kkat69
155 months ago
Mines easy, no need for massive data crunching... 1-2-3-4-5. I use the same on my luggage.
Score: 10 Votes (Like | Disagree)
MaxxTraxx Avatar
MaxxTraxx
155 months ago
I can imagine folks just roaming airports with these AMD systems looking for iPhone passwords.
Score: 10 Votes (Like | Disagree)
ziggyonice Avatar
ziggyonice
155 months ago
This does not appear to be an issue in iOS 7.

The passwords generated in the beta are not based on dictionary words and are considerably more randomized.
Score: 9 Votes (Like | Disagree)
Menel Avatar
Menel
155 months ago
" so with GPU cluster of four AMD Radeon HD 7970s"

Using my iPad out in a park away from building WIFI. I think that, with a gas generator out in a park might be obvious and suspicious...

Also, use Bluetooth. The connection is persistent. iPad reconnects without fiddling with Phone because the phone doesn't idle it's bluetooth like it does WIFI. Also more secure as you will have to manually approve the connection. Problem solved, and everything fixed.
Score: 9 Votes (Like | Disagree)
Read All Comments