MAAS History
Archives
« Developer Release of Lion | Main | Google Chrome Update 9.0.597.94 »
Thursday
Feb102011

Researchers ByPass Keychain on iOS device

DateThursday, February 10, 2011 at 09:04AM

Researchers from Fraunhofer SIT have demonstrated how to bypass the KeyChain on an iOS device. This is a local attack, not remote, but has implications for users who's devices are lost or stolen.

 

  • They Jailbreak the phone with tools already available to gain access to the system.
  • Copy the KeyChain access script to the file system.
  • Execute the Script which returns the passwords it has been able to find.

 

Not all passwords are broken but key ones for online account and corporate network access information can be broken in under six minutes.

For a video on how they did it click here.

If you lose your iPhone or plan to retire it keep this in mind.

 

  1. Do a Hard Factory Reset.
  2. Clear out all data.
  3. Use Mobile Me Find My iPhone in the event that it is lost and erase it fist. (iTunes should have a backup.)

 

If you are an organization you should have a phone/PDA retirement policy.

AuthorSean OConnell Public | CommentPost a Comment | Reference1 Reference |
tagged in , , ,

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.
Member Account Required
You must have a member account on this website in order to post comments. Log in to your account to enable posting.