Researchers Crack iOS-Generated Hotspot Passwords in 50 Seconds

by

personalhotspotWhen tethering an iPhone or an iPad, iOS users have the option of using an automatically generated password for their personal hotspots, which Apple implemented to provide all users with a secure password option.

According to researchers at Germany's University of Erlangen (via ZDNeT), the way that the keys are generated – with a combination of a short English word along with random numbers – is predictable to the point where the researchers are able to crack the hotspot password in less than a minute.

In their paper, the three researchers detail the process that they used to figure out the weak spots in the hotspot's protection. Apple's word list uses approximately 52,500 entries, so initially, cracking the hotspot took almost 50 minutes. After finding a WiFi connection, the researchers used an AMD Radeon HD 6990 GPU to run through word and number combinations.

"This list consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password," the researchers wrote.

The team discovered that only a small set of Apple's larger word list was being used, so with GPU cluster of four AMD Radeon HD 7970s, they narrowed their iOS-generated hotspot password cracking time down to just 50 seconds. In the paper, the team goes on to criticize Apple's password generation standards, suggesting that system generated passwords be composed of random letters and numbers.

"In the context of mobile hotspots, there is no need to create easily memorizable passwords. After a device has been paired once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections," the paper states.

"System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters."

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.

To avoid a weak iPhone hotspot password, users can still choose to use passwords of their own creation, which should contain a sequence of random numbers and letters for enhanced security.

Top Rated Comments

cutmoney Avatar
cutmoney
106 months ago
Wow, I guess next time I setup a personal hotspot to check my email on my laptop, I'd better watch out for someone nearby with a "GPU cluster of four AMD Radeon HD 7970s". I mean seriously, who sets up a wireless hotspot on their iPhone using the password generator and then transmits some sensitive data which is at risk of (and in range of) some hacker that would have the ability (or desire) to crack their wireless hotspot security? It's hard enough to even get people to turn on any security much less worry about whether it could potentially be hacked. These "researchers" need to spend their time on something more useful.
Score: 13 Votes (Like | Disagree)
Walter White Avatar
Walter White
106 months ago
I always use my birthdate as password.
Score: 12 Votes (Like | Disagree)
kkat69 Avatar
kkat69
106 months ago
Mines easy, no need for massive data crunching... 1-2-3-4-5. I use the same on my luggage.
Score: 10 Votes (Like | Disagree)
MaxxTraxx Avatar
MaxxTraxx
106 months ago
I can imagine folks just roaming airports with these AMD systems looking for iPhone passwords.
Score: 10 Votes (Like | Disagree)
ziggyonice Avatar
ziggyonice
106 months ago
This does not appear to be an issue in iOS 7.

The passwords generated in the beta are not based on dictionary words and are considerably more randomized.
Score: 9 Votes (Like | Disagree)
Menel Avatar
Menel
106 months ago
" so with GPU cluster of four AMD Radeon HD 7970s"

Using my iPad out in a park away from building WIFI. I think that, with a gas generator out in a park might be obvious and suspicious...

Also, use Bluetooth. The connection is persistent. iPad reconnects without fiddling with Phone because the phone doesn't idle it's bluetooth like it does WIFI. Also more secure as you will have to manually approve the connection. Problem solved, and everything fixed.
Score: 9 Votes (Like | Disagree)
Read All Comments

Top Stories

AirPods Pro Beta Firmware

AirPods Pro Beta Firmware Now Available

Wednesday July 21, 2021 6:50 am PDT by
Upcoming AirPods Pro firmware updates are now available to Apple Developer Program members as beta versions. AirPods Pro firmware beta one features FaceTime Spatial Audio and Ambient Noise Reduction. Custom Transparency mode, including Conversation Boost, was initially expected to be included in the beta but appears to have been delayed for a later version. Apple made the announcement...
Read Full Article42 comments
maxresdefault

Apple Music to Livestream Premiere of Kanye West's New Album 'Donda' on Thursday

Wednesday July 21, 2021 1:49 am PDT by
Apple Music on Thursday will host a global livestream for the premiere of Kanye West's tenth studio album, titled "Donda." The sold-out event will take place at the Mercedes-Benz Stadium in Atlanta, Georgia, and Apple Music's livestream will start at 8:00 p.m. Eastern Time. The livestream was revealed in a Beats Studio Buds ad that aired during the NBA Finals. The ad features U.S. track...
Read Full Article91 comments
General Apps Messages

All Three Major U.S. Carriers and Google Adopt Rich Communication Services, But No Sign of Apple Interest

Tuesday July 20, 2021 1:15 pm PDT by
For the last several years, Google has been pushing a new communications protocol called Rich Communication Services, or RCS. RCS is designed to replace SMS, the current text message standard, and it offers support for higher resolution photos and videos, audio messages, bigger file sizes, better encryption, improved group chat, and more. Verizon today announced that it is planning to adopt...
Read Full Article223 comments
ios wifi settings

Apple Confirms iOS 14.7 Fixes WiFi Bug and Many Other Vulnerabilities

Wednesday July 21, 2021 11:38 am PDT by
Following the release of iPadOS 14.7 this morning, Apple has shared details on the security updates that are included in iOS 14.7, iPadOS 14.7, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7, all of which came out this week. Notably, Apple's documentation confirms that the iOS 14.7 and iPadOS 14.7 updates address a WiFi-related vulnerability that could impact iOS devices when joining a...
Read Full Article51 comments
macOS Malware Feature

Common Windows Malware Can Now Infect Macs

Wednesday July 21, 2021 8:13 am PDT by
A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer). Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. ...
Read Full Article115 comments
macOS Big Sur Feature Orange

Apple Releases macOS Big Sur 11.5 With Podcast App Updates and Bug Fixes

Wednesday July 21, 2021 10:15 am PDT by
Apple today released macOS Big Sur 11.5, the fifth major update to the macOS Big Sur operating system that launched in November 2020. macOS Big Sur 11.5 comes two months after the release of macOS Big Sur 11.4. The new ‌‌‌‌‌macOS Big Sur‌‌‌‌ 11.5 update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences. macOS Big Sur...
Read Full Article68 comments
idos 2 app ios

Apple to Pull 'iDOS 2' DOS Emulator From App Store

Thursday July 22, 2021 3:22 pm PDT by
iDOS 2, an app designed to allow users to play classic DOS games, will soon be pulled from the App Store, the app's creator said today. According to iDOS developer Chaoji Li, he tried to submit an iDOS update with bug fixes to the App Store, but was told that the update was rejected because it violated the 2.5.2 App Store guideline that says apps cannot install or launch executable code.Durin...
Read Full Article235 comments
airpods 3 gizmochina Feature

AirPods 3 Rumored to Launch Alongside iPhone 13 at Expected September Event

Friday July 23, 2021 12:54 am PDT by
The third-generation AirPods will likely launch at the same event revealing Apple's upcoming iPhone 13 lineup, according to a report from DigiTimes, which makes the claim citing sources familiar with the matter. The report as a whole echoes previous reporting that production of the third-generation AirPods will kickstart in August, meaning a launch shortly after can be easily expected. DigiTi...
Read Full Article17 comments
iPad mini pro feature

Next-Generation iPad Mini Will Reportedly Feature a Mini-LED Display

Thursday July 22, 2021 9:03 am PDT by
Apple is widely rumored to be planning a new iPad mini with a significant redesign, including a larger 8.5-inch to 9-inch display with slimmer bezels, a Touch ID power button instead of a home button, a USB-C port instead of a Lightning connector, and more. According to a paywalled preview of a DigiTimes report today, the sixth-generation iPad mini will also feature a mini-LED display:BLU...
Read Full Article99 comments
airpods 3 gizmochina Feature teal

AirPods 3 Mass Production Said to Kick Off in August

Tuesday July 20, 2021 8:40 pm PDT by
Mass production of the third-generation AirPods will kick off in August, according to a new report from Nikkei Asia. They will reportedly join a number of other products such as the iPhone 13 lineup and redesigned MacBook Pro models as launches coming before the end of the year. Renderings of rumored third-generation AirPods design Rumored launch dates for the third-generation AirPods have...
Read Full Article49 comments