iPhone hotspots vulnerable

[WanderingFool]

 From: http://www.zdnet.com/researchers-able-to-predict-apple-ios-generated-hotspot-passwords-7000016937/

 

...

 

"Only 1,842 different entries of that dictionary are taken into consideration. Consequently, any default password used within an arbitrary iOS mobile hotspot is based on one of these 1,842 different words."

 

This, combined with an increase in cracking hardware — a GPU cluster consisting of four AMD Radeon HD 7970s — allowed the researchers to crack any iOS hotspot with an OS-generated password within 50 seconds. Although such hardware is physically out of the reach of most users, the researchers said that similar resources are easily available through today's cloud computing technologies.

 

...

 

 

 

 

It is interesting that Apple took the approach of using a very limited set of words to generate the hotspot password.  Personally I haven't used an iPhone device, so I don't really know how the password generation works, but this is the reason I try avoid as much wireless as possible.

 

As a side note, this is the reason why I try using 16 letter/number/symbol passwords.

[LAwLz]

It's worth noting that this only affects people who use the automatic password generation.

[Lyons]

Yeah, this is a user issue, not Apple's.

[extremescouter]

There really is no such thing as internet security anymore.  :( There is always some news about a vulnerable piece of tech, and this is just another one. 

[WanderingFool]

Yeah, this is a user issue, not Apple's.

Well it is partially Apples fault. The fact is most users I know who own iPhones are the types who use those built in generators thinking they are safe

[Snickerzz]

does this even matter? if you can afford 4 x 7970s you can afford a cell phone/internet and won't have to mooth of someone else 5 feet away

[ObeseWalrus]

Well it is partially Apples fault. The fact is most users I know who own iPhones are the types who use those built in generators thinking they are safe

That is not the case, many that uses iPhones are stupid yes but I just want a phone that is up and running fast, easy to use and RELIABLE. You can't say anything about iPhone's reliability.

[WanderingFool]

does this even matter? if you can afford 4 x 7970s you can afford a cell phone/internet and won't have to mooth of someone else 5 feet away

 

Well they used 4 cards, but you could use 1 and still get it in under a few minutes...also it is within 24 seconds, the average case I would image is closer to 12 seconds.  The issue isn't about getting free internet, but rather what you are capable of doing.  This particular article doesn't go into it, but you could perform things such as man in the middle attacks, or depending how the person setup their phone you could access certain files from the phone.

 

That is not the case, many that uses iPhones are stupid yes but I just want a phone that is up and running fast, easy to use and RELIABLE. You can't say anything about iPhone's reliability.

The issue I have with Apple in this case is generating passwords word passwords with a dictionary size of roughly 2000.  In terms of reliability of security, a company that decides to generate passwords using 2000 is irresponsible imo.  It is like making an hotspot that uses WEP encryption.  I wouldn't call iPhone users stupid just uninformed, and the fact many do use the default settings to create things like hotspots means Apple should take more care in the password generations.

[ObeseWalrus]

Well they used 4 cards, but you could use 1 and still get it in under a few minutes...also it is within 24 seconds, the average case I would image is closer to 12 seconds.  The issue isn't about getting free internet, but rather what you are capable of doing.  This particular article doesn't go into it, but you could perform things such as man in the middle attacks, or depending how the person setup their phone you could access certain files from the phone.

 

The issue I have with Apple in this case is generating passwords word passwords with a dictionary size of roughly 2000.  In terms of reliability of security, a company that decides to generate passwords using 2000 is irresponsible imo.  It is like making an hotspot that uses WEP encryption.  I wouldn't call iPhone users stupid just uninformed, and the fact many do use the default settings to create things like hotspots means Apple should take more care in the password generations.

Apple slacked off there, I can see that.