Researchers Expose iOS Security Flaw

Last week, TUAW reported a group of researchers had cracked the passcode system implemented in iOS 4, across Apple’s range of portable devices. This exploit bypasses the initial passcode lock, and allows access to any password saved on the device in a matter of minutes.

The bypass is accomplished by first jailbreaking a target device and then installing an SSH app on it. Upon the completion of these two steps, full keychain access is granted to the hacker. This includes items such as saved Wi-Fi passwords, and more sensitive items such as email and voicemail passwords. The researchers found they could even access app specific passwords through the exploit. This could potentially pose security concerns for users of financial apps such as Mint and Paypal.

Though security breaches of this sort are always alarming, it is worth mentioning that this hack requires direct, hands-on access to a device. Therefore, as long as your device is not lost or stolen, you are not susceptible to the exploit. Though the hack obviously takes a bit more technical know-how than the average petty thief may possess, the researchers still suggest changing your passwords should a loss or theft occur.

What makes this hack unique, is that Apple’s ability to patch it seems limited. As the first step of the exploit is to jailbreak the target device, its prevention hinges on Apple’s ability to prevent jailbreaking. While the company has stepped forward with an anti-jailbreaking stance, they have yet to issue an iOS update which prevents it entirely.

Similar Posts

  • Apple Announces iPad 2

    Apple today announced the next generation of iPad. To the surprise and delight of the audience, Steve Jobs took the stage at the…

  • Apple TV

    By Ed@smalldog.com After previewing iTV last September, Apple has unveiled the final specs for the device, which is now called Apple TV. It’s…

  • Xsan and Intel macs

    by Matt@Smalldog.com A buddy of mine sent me an iChat this morning asking if I knew anything about xSan compatibility with Intel Macs….

  • Podcasts with Woz, Sculley, Kawasaki…

    In honor of Apple’s 30th birthday (which is this Saturday), the San Francisco Chronicle has posted podcast interviews with some of the better…

  • Unlocked iPhone 4 Now Available in the U.S.

    Earlier this morning, Apple quietly updated its online store to reflect availability of unlocked models of iPhone 4 (GSM only). The unsubsidized version…

  • iPad 2 Launching in 25 Countries Friday

    Apple today released a press statement confirming that iPad 2 will launch in 25 additional countries this coming Friday. Beginning at 5 PM…