Boffins at the Fraunhofer Institute for Secure Information Technology (SIT) in Germany devised the hack. The researchers did the tests to demonstrate that passwords aren't secure on Iphones that have been lost.
They obviously had a point to prove and weren't happy with just hacking Apple's shoddy security encryption in six minutes. Within the allotted time, the team also managed to retrieve most of the passwords stored on the Iphone, accessing personal data that could be used to get into bank accounts.
What's great about this hack is that the team spends some time in its report tellng us that it renders the Iphone completely vulnerable as a business tool. It could even make a company's network security vulnerable as well.
The flaw affects all Ithings with the latest firmware and the team didn't even have to break the more complicated 256-bit encryption. They simply bypassed that because passwords are stored within IOS itself, making the encryption technology pointless, apparently even on Iphones with security settings set on high.
Potential attackers can remove an Iphone's SIM card and can also gain access to email passwords and access codes for corporate VPNs and WLANs. This amounts to a serious hit against Apple's recent push to position its Iphones as a valid corporate proposition, having recently added more business oriented features to its consumer smartphone software portfolio than ever before.
The Fraunhofer Institute SIT team suggess that anyone who has lost an Iphone shoud change their passwords. More importantly, companies should also change their network identifications as well.
