Sunday, September 22, 2013

Researchers able to predict iOS-generated hotspot passwords in less than a minute

Researchers able to predict iOS-generated hotspot passwords in less than a minute data = {blogUrl: "",v: 315};when = {jquery: lab.scriptBs("jquery"),plugins: lab.scriptBs("plugins"),eng: lab.scriptBs("eng")}; var s265prop9 = ('20627245' !== '') ? 'bsd:20627245' : ''; var postID = '20627245'; var modalMNo = '93319229', modalVideoMNo = '93320648', modalGalleryMNo = '93304207'; when.eng("eng.omni.init", {pfxID:"weg",pageName:document.title,server:"",channel:"us.engadget", s_account: "aolwbengadget,aolsvc", short_url: "",pageType:"",linkInternalFilters:"javascript:,",prop1:"article",prop2:"cellphones",prop9:s265prop9,prop12:document.location,prop17:"",prop18:"",prop19:"",prop20:"", prop22:"mat-smith", prop54:"blogsmith",mmxgo: true }); adSendTerms('1')adSetMOAT('1');adSetAdURL('/_uac/adpagem.html');lab._script("").wait(function(){var floatingAd = new AdhesiveAd("348-14-15-14d",{hideOnSwipe:true});}); onBreak({980: function () { adSetType("F");htmlAdWH("93319229", "LB", "LB"); adSetType("");}}); EngadgetMenu NewsReviews Features Galleries VideosEventsPodcasts Engadget ShowTopics Buyers Guides Sagas Store HD Mobile Alt Announcements Cameras Cellphones Desktops Displays Gaming GPS Handhelds Home Entertainment Household Internet Laptops Meta Misc Networking Peripherals Podcasts Robots Portable Audio/Video Science Software Storage Tablets Transportation Wearables Wireless Acer Amazon AMD Apple ASUS AT&T Blackberry Canon Dell Facebook Google HP HTC Intel Lenovo LG Microsoft Nikon Nintendo Nokia NVIDIA Samsung Sony Sprint T-Mobile Verizon About UsSubscribeLike Engadget@engadgettip uswhen.eng("eng.nav.init")when.eng("") onBreak({980: function () {htmlAdWH("93308280", "215", "35",'AJAX','ajaxsponsor');}});Researchers able to predict iOS-generated hotspot passwords in less than a minute MobileBypostedJun 19th, 2013 at 6:12 AM 0

Anyone who's tried to tether to their iPhone or iPad will recall how iOS manages to craft its own passwords when used as a personal hotspot. The aim is to ensure that anyone sharing a data connection will get some degree of security, regardless of whether or not they tinker with the password themselves. However, three researchers from FAU in Germany have now worked the structure behind these auto-generated keys -- a combination of a short English word and a series or random numbers -- and managed to crack that hotspot protection in under a minute. To start, the word list contains about 52,500 entries, and once the testers were able to capture a WiFi connection, they used an AMD Radeon HD 6990 GPU to cycle through all those words with number codes, taking just under 50 minutes to crack with rote entry. Following that, they realized that only a small subset (just 1,842) of the word list was being used.

With an even faster GPU -- a cluster of four AMD Radeon HD 7970s -- they got the hotspot password cracking time to 50 seconds. The Friedrich-Alexander University researchers added that unscrupulous types could use comparable processing power through cloud computing. "System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters," says the report, which outlines the trade-off between security and usability. However, as ZDNet notes, Apple's cycled password approach still offers more protection than static options found elsewhere. Check out the full paper at the source.



Post a Comment