Some people think they’ve secured their phone by putting on their PIN screen-lock. But forget your iPhone, and someone can steal your passwords, email, and web history in under six minutes.
German researchers at Fraunhofer Institute Secure Information Technology (Fraunhofer SIT), have recently published a video showing how they could easily hack into your locked, passworded, precious iPhone 4, even with the latest iOS downloaded.
We’re not sure about all the hacking details, but it broadly involves jail-breaking the phone (opening the phone up to all sorts of unofficial programming) and installing a special server which allows the nefarious hacker (or kindly demonstrative researchers) to run sneaky programs that will grab details from the iPhone’s keychain system. (This is where all your precious security data is housed.)
For one-password-for-everything simpletons like us, it gets worse. In the researcher’s statement, they said: “As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well.
“Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.” Not good!
Fraunhofer SIT suggest that if you do unwillingly part with your phone, initiate the iPhone’s Find My iPhone app and wipe it as soon as possible.
The security experts told MacWorld that: “Owner’s of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords.
“Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts.”
Six minutes? Don’t believe it? Watch for yourself below. (The video is only two minutes long!)