Posted by: David Harley | June 20, 2013

iPhone hotspot: some like it (not so) hot

Dan Goodin warns us (for Ars Technica) that a "New attack cracks iPhone autogenerated hotspot passwords in seconds". In brief, if you use the mobile hotspot feature on your iPhone, you’re advised to override the password that iOS autogenerates to secure your connection. The problem is that the password is apparently generated by appending a randomized 4-digit numeric string to a word drawn from a small selection of words in a small and easily obtained dictionary. It’s not that a casual snooper is likely to guess it, but a research paper by Kurtz, Freiling and Metz suggests a suitably equipped and prepared attacker can implement a brute-force attack that could be effective in less than 50 seconds.

Not quite calling for panic stations, but not an imaginary threat either, since a large part of the attack could be carried out offline.
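To see why overriding the default matters, here is an added example (not from the original post or the research paper) that compares the search space of a "word plus 4 digits" password with a randomly generated replacement, and flags passwords that still have the autogenerated shape. The word-list size, guess rate, lowercase-word pattern and all function names are assumptions chosen for illustration.

```python
import math
import re
import secrets
import string

# WPA2 passphrases are 8 to 63 printable ASCII characters; letters and
# digits are used here so the result is easy to type on a phone.
ALPHABET = string.ascii_letters + string.digits

# Assumed shape of an autogenerated password: lowercase word + 4 digits.
AUTOGEN_SHAPE = re.compile(r"^[a-z]+\d{4}$")

def keyspace_word_plus_digits(word_count, digits=4):
    """Number of candidates when one of word_count words gets N digits."""
    return word_count * 10 ** digits

def entropy_bits(keyspace):
    """Bits of entropy for a uniformly chosen value from the keyspace."""
    return math.log2(keyspace)

def random_password_bits(length):
    """Entropy of a password drawn uniformly from ALPHABET."""
    return length * math.log2(len(ALPHABET))

def seconds_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time for an offline search of the whole keyspace."""
    return keyspace / guesses_per_second

def looks_autogenerated(password):
    """True if the password still matches the weak default shape."""
    return bool(AUTOGEN_SHAPE.match(password))

def generate_hotspot_password(length=20):
    """Replacement password from the OS CSPRNG, within WPA2 limits."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    # Constructed figures: 1,000 words and 100,000 guesses per second.
    weak = keyspace_word_plus_digits(1000)
    print(f"default scheme: {weak:,} candidates, "
          f"{entropy_bits(weak):.1f} bits, "
          f"{seconds_to_exhaust(weak, 100_000):.0f} s to exhaust")
    replacement = generate_hotspot_password()
    print(f"replacement: {replacement} "
          f"({random_password_bits(len(replacement)):.0f} bits)")
    print("example1234 flagged:", looks_autogenerated("example1234"))
```

Whatever the real word-list size, the default scheme adds only about 13 bits for the four digits on top of the word choice, while each random alphanumeric character adds nearly 6 bits.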

David Harley
Small Blue-Green World
ESET Senior Research Fellow
