Last week, TUAW reported a group of researchers had cracked the passcode system implemented in iOS 4, across Apple’s range of portable devices. This exploit bypasses the initial passcode lock, and allows access to any password saved on the device in a matter of minutes.
The bypass is accomplished by first jailbreaking a target device and then installing an SSH app on it. Upon the completion of these two steps, full keychain access is granted to the hacker. This includes items such as saved Wi-Fi passwords, and more sensitive items such as email and voicemail passwords. The researchers found they could even access app specific passwords through the exploit. This could potentially pose security concerns for users of financial apps such as Mint and Paypal.
Though security breaches of this sort are always alarming, it is worth mentioning that this hack requires direct, hands-on access to a device. Therefore, as long as your device is not lost or stolen, you are not susceptible to the exploit. Though the hack obviously takes a bit more technical know-how than the average petty thief may possess, the researchers still suggest changing your passwords should a loss or theft occur.
What makes this hack unique, is that Apple’s ability to patch it seems limited. As the first step of the exploit is to jailbreak the target device, its prevention hinges on Apple’s ability to prevent jailbreaking. While the company has stepped forward with an anti-jailbreaking stance, they have yet to issue an iOS update which prevents it entirely.