According to the Fraunhofer Institute, after stealing your iPhone or any other iOS-powered device you may have, a person with malicious intent could decrypt your passwords in as little as 6 minutes. Researchers from the Fraunhofer Institute of Secure Information Technology have released a video showing how passwords can be decrypted in just 6 minutes – you can check it out on YouTube here.
SPONSORED LINKS
How does the whole thing go? Oversimplifying things, the bad guy would have to jailbreak the device, access the keychain file, and decrypt it. Passwords stored in the keychain can then be accessed by the bad guy.
Jens Heider and Matthias Boll, the researchers who published the study, explained that after using a jailbreak tool to get access to a command shell, they run a small script to access and decrypt the passwords found in the keychain.
“Owners of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords. Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts. Enterprises should create efficient processes for lost device incidents to shorten the time during which their accounts may be vulnerable. Especially the change of group passwords like sometimes used for VPN and WiFi may require an additional effort but should be taken seriously,” said Jens Heider and Matthias Boll in their paper’s conclusion.
Try not to have your iPhone or any other iOS-powered device stolen, because if you do, whoever steals it could easily decrypt the passwords stored on the device. That is the conclusion of a paper titled “