11 Feb 2011
A group of German researchers has discovered a hole in Apple's iOS which could allow an attacker to quickly extract log-in credentials from a compromised device.
A presentation from the Fraunhofer Institute for Secure Information Technology entitled "Lost iPhone? Lost Passwords!" (PDF) suggests that an attacker who has stolen an iPhone, iPad or iPod Touch could circumvent the passcode protections and access other passwords stored within the keychain tool which manages log-in credentials.
The researchers said that the procedure can be performed on a fully patched, unmodified iOS device which is locked with a passcode that the attacker is unable to guess or obtain.
Circumventing the protections begins with a jail-breaking procedure. An attacker could hook up the device to a PC via USB connection to install and execute jail-break tools to gain access to certain areas of the device.
From there, the researchers were able to execute a script which accesses the keychain components on the device and automatically decrypts stored information.
"This decryption is possible, since on current iOS devices the required cryptographic key does not depend on the user's secret passcode," the researchers wrote in the report.
"Instead the required key material is completely created from data available within the device, and therefore is also in the possession of a possible attacker."
An attacker with access to the keychain would then be able to obtain credentials for all sites and services stored on the device, including webmail and online application log-ins.
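The design point in the researchers' statement, as an added illustration that is not taken from the Fraunhofer report or from Apple's code: an item sealed under a key derived only from device-resident data can be opened by anyone holding the device, while a key that also requires the passcode cannot. The UID value, labels, passcode and the seal/unseal construction are assumptions made for this sketch and do not reproduce the real iOS key hierarchy.

```python
import hashlib, hmac, os

DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample value

def device_only_key(uid: bytes) -> bytes:
    # Flawed design: every input is stored on the device itself.
    return hashlib.pbkdf2_hmac("sha256", b"keychain-item", uid, 10_000)

def passcode_entangled_key(uid: bytes, passcode: str) -> bytes:
    # Hardened design: the user's secret is a required input.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, 10_000)

def _subkeys(key: bytes):
    # Separate keys for encryption and authentication.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac

def seal(key: bytes, secret: bytes) -> bytes:
    # Illustrative encrypt-then-MAC wrapper, not a production cipher.
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    stream = hashlib.shake_256(enc + nonce).digest(len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    # Returns the secret, or None when the key is wrong.
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    stream = hashlib.shake_256(enc + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def readable_without_passcode(blob: bytes, uid: bytes) -> bool:
    # Models a party who holds the device (and so its UID) but not the passcode.
    return unseal(device_only_key(uid), blob) is not None

if __name__ == "__main__":
    secret = b"mail-password (constructed)"
    weak = seal(device_only_key(DEVICE_UID), secret)
    strong = seal(passcode_entangled_key(DEVICE_UID, "493817"), secret)
    print("device-only item readable without passcode:", readable_without_passcode(weak, DEVICE_UID))
    print("entangled item readable without passcode:  ", readable_without_passcode(strong, DEVICE_UID))
```
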
The Fraunhofer researchers concluded that consumers and enterprises should have emergency procedures in place to remotely wipe a stolen device. Apple offers such tools for free on iOS devices.
Jens Heider, test lab technical manager at the Fraunhofer Institute, noted that those who rely on the built-in protections could leave themselves and their businesses at risk.
"Our demonstration proves that this is a false assumption," he said. "We were able to crack devices with high security settings within a very short time."
The company has posted a YouTube video demonstrating the sample attack procedure.
Apple did not respond to a request for comment on the report.