Go Back   Honda-Tech > Community Forums > General Discussion and Debate
Sign in using an external account
Register Forgot Password?
Search


Welcome to Honda-Tech!
Welcome to Honda-Tech.com.

You are currently viewing our forums as a guest, which gives you limited access to view most discussions and access our other features. By joining our community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join the Honda-Tech community today!


Reply
 
 
 
submit to reddit
 
Thread Tools Search this Thread
Old 02-10-2011, 06:12 AM   #1
Johnny.
Widow's Son
Garage is empty, add now
 
Johnny.'s Avatar
 
Join Date: Dec 2002
Location: Mid-Atlantic
Posts: 4,989
iTrader Rating: (0)
Send a message via AIM to Johnny.
Default Lost iPhone pwn3d in 6 minutes

http://www.pcworld.com/businesscente...x_minutes.html

http://www.sit.fraunhofer.de/en/Imag...m502-80443.pdf


Phone Attack Reveals Passwords in Six Minutes

Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's...

By Martyn Williams

Feb 9, 2011 10:40 PM

Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode.
The attack, which requires possession of the phone, targets keychain, Apple's password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen, said the researchers at the state-sponsored Fraunhofer Institute Secure Information Technology (Fraunhofer SIT).
It is based on existing exploits that provide access to large parts of the iOS file system even if a device is locked.
In a video that demonstrates the attack, the researchers first jailbreak the phone using existing software tools. They then install an SSH server on the iPhone that allows software to be run on the phone.
The third step is to copy a keychain access script to the phone. The script uses system functions already in the phone to access the keychain entries and, as a final step, outputs the account details it discovers to the attacker.
The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.
Using the attack, researchers were able to access and decrypt passwords in the keychain, but not passwords in other protection classes.
Among passwords that could be revealed were those for Google Mail as an MS Exchange account, other MS Exchange accounts, LDAP accounts, voicemail, VPN passwords, WiFi passwords and some App passwords. Researchers published a paper with full details of the attack's results.
"As soon as attackers are in the possession of an iPhone or iPad and have removed the device's SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well," said the researchers in a statement. "Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset."
The attack has particular significance for companies that allow employees to use iPhones on corporate networks, because it can reveal network access passwords.
"Owner's of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords," said Fraunhofer SIT. "Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts."
Researchers at Fraunhofer SIT have previously revealed security problems with other operating systems. In late 2009 they published multiple attack scenarios criminals could use to access files protected by Microsoft's BitLocker disk-encryption technology. Last year the institute began selling a Java phone application for securely storing passwords.
Martyn Williams covers Japan and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com
__________________
Comments or Statements made using this screen name are frequently made in jest. These statements do not represent the position of any organization or entity and should not be taken as factual commentary on any topic, to include the author.
Johnny. is offline   Reply With Quote
Old 02-10-2011, 06:21 AM   #2
Just a n00b
Accident Prone
1997 Integra Type-R
 
Join Date: May 2010
Location: The runoff of a track near you.
Posts: 2,409
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Cliffs?

And since I dont have time to read, what can we do to protect our iPhone stored passwords
__________________
1997 インテグラ タイプ−R #208/318
Just a n00b is offline   Reply With Quote
Old 02-10-2011, 06:21 AM   #3
ActiveAero
Honda-Tech Member
2010 Tokyo Metro Tōzai Line
 
ActiveAero's Avatar
 
Join Date: Mar 2001
Location: Oil rig, middle of the ocean
Posts: 5,082
iTrader Rating: (0)
Send a message via AIM to ActiveAero
Default Re: Lost iPhone pwn3d in 6 minutes

OMG stop the presses! I just found out that if you give a damn hacker physical access to your fvcking computer that they can do **** with it that you won't like! Definitely just an Apple flaw though, because we all know if you handed these same guys physical access to any other computing device that you own that everything would remain ultra safe and secure lol.
ActiveAero is online now   Reply With Quote
Old 02-10-2011, 06:25 AM   #4
crawdad689
Honda-Tech Member
Garage is empty, add now
 
crawdad689's Avatar
 
Join Date: Jul 2003
Location: Big Apple, NY, USA
Posts: 2,957
iTrader Rating: (0)
Send a message via AIM to crawdad689
Default Re: Lost iPhone pwn3d in 6 minutes

^^ Are you implying that other devices BESIDES APPLE'S can also be hacked?!?!!! I don't believe that for a goddamn second!!!

__________________
Quote:
Originally Posted by George Knighton View Post
Thank you for the cogent argument.
crawdad689 is offline   Reply With Quote
Old 02-10-2011, 06:58 AM   #5
njn63
Honda-Tech Member
1993 Mazda Miata
 
njn63's Avatar
 
Join Date: Feb 2003
Location: Gurnee, IL
Posts: 5,261
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Inb4Androidowners
__________________
2000 S2000 Hardtop // 1993 Miata // 2010 Jetta TDI Cup
Quote:
Originally Posted by JoeBlue View Post
I would own your company within a year if I worked at it. Unlike you I actually understand how to run a budget without external injections of capital.
njn63 is online now   Reply With Quote
Old 02-10-2011, 07:01 AM   #6
020
011
Garage is empty, add now
 
020's Avatar
 
Join Date: Jun 2002
Location: omicron persei 8
Posts: 1,184
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by ActiveAero View Post
OMG stop the presses! I just found out that if you give a damn hacker physical access to your fvcking computer that they can do **** with it that you won't like! Definitely just an Apple flaw though, because we all know if you handed these same guys physical access to any other computing device that you own that everything would remain ultra safe and secure lol.
Apple has a reputation of unhackable with those who aren't up on tech, IE:most of the general public. No one said that this is an apple only flaw, though perhaps you can point me to the article where other mobile os devices have similar flaw?
020 is offline   Reply With Quote
Old 02-10-2011, 07:04 AM   #7
96hb
Honda-Tech Member
Garage is empty, add now
 
96hb's Avatar
 
Join Date: Aug 2003
Location: Edisto Beach
Posts: 1,909
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Solution: Don't lose your damn phone.
__________________
midori
96hb is offline   Reply With Quote
Old 02-10-2011, 07:07 AM   #8
Chubz
Honda-Tech Member
Garage is empty, add now
 
Chubz's Avatar
 
Join Date: Apr 2002
Location: NJ
Posts: 8,549
iTrader Rating: (0)
Send a message via AIM to Chubz
Default Re: Lost iPhone pwn3d in 6 minutes

OMG, an actual device has been hacked in the hands of hackers...who knew
__________________
Alba Gu Brath
Chubz is offline   Reply With Quote
Old 02-10-2011, 07:08 AM   #9
TheMuffinMan
He knows where you live!
Garage is empty, add now
 
TheMuffinMan's Avatar
 
Join Date: May 2005
Posts: 12,252
iTrader Rating: (1)
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by ActiveAero View Post
OMG stop the presses! I just found out that if you give a damn hacker physical access to your fvcking computer that they can do **** with it that you won't like! Definitely just an Apple flaw though, because we all know if you handed these same guys physical access to any other computing device that you own that everything would remain ultra safe and secure lol.
Quote:
It is based on existing exploits that provide access to large parts of the iOS file system even if a device is locked.
Essentially, the hacking of iOS and OSx has begun. I have said it all along with everyone else. Apple has not been targeted in the past because they were not popular devices. Now they are gaining market-share they are being targeted and exploits are being found. Apple themselves have gloated it and blamed other companies for any vulnerability (see Adobe).

Phones are one of those devices that people CAN easily get physical access too, don't act like its some crazy thing. Exploiters use every available resource to exploit, "physical access" is a resource.
__________________
2004 NFR S2000
Quote:
Originally Posted by slomofo
I think TheMuffinMan is Chuck Norris. Seriously, you can't find the TheMuffinMan,TheMuffinMan finds you.
TheMuffinMan is offline   Reply With Quote
Old 02-10-2011, 07:23 AM   #10
skateboard_ej8
Honda-Tech Member
Garage is empty, add now
 
skateboard_ej8's Avatar
 
Join Date: Nov 2006
Location: LB2ROSECRANS
Posts: 14,287
iTrader Rating: (4)
Default Re: Lost iPhone pwn3d in 6 minutes

They should implement a self destruct feature. I've said this before in another similar thread IIRC.
__________________
Stock D16ZC 264hp/248ftlb 13.23 psi E85
skateboard_ej8 is offline   Reply With Quote
Old 02-10-2011, 07:26 AM   #11
-Gary-
Honda-Tech Member
Garage is empty, add now
 
-Gary-'s Avatar
 
Join Date: Mar 2006
Location: New Orleans, LA
Posts: 2,023
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by TheMuffinMan View Post
Essentially, the hacking of iOS and OSx has begun. I have said it all along with everyone else. Apple has not been targeted in the past because they were not popular devices. Now they are gaining market-share they are being targeted and exploits are being found. Apple themselves have gloated it and blamed other companies for any vulnerability (see Adobe).

Phones are one of those devices that people CAN easily get physical access too, don't act like its some crazy thing. Exploiters use every available resource to exploit, "physical access" is a resource.
Muffin Man is like, 1000% right. By the way though, Blackberry hasn't YET. (to my knowledge)
-Gary- is offline   Reply With Quote
Old 02-10-2011, 07:31 AM   #12
Tokyosmash!
Tickle-shits
Garage is empty, add now
 
Tokyosmash!'s Avatar
 
Join Date: Mar 2007
Location: Clarksville, Tennessee
Posts: 3,862
iTrader Rating: (0)
Send a message via AIM to Tokyosmash!
Default Re: Lost iPhone pwn3d in 6 minutes

In for **** storm.
__________________
-Ben
Tokyosmash! is offline   Reply With Quote
Old 02-10-2011, 07:33 AM   #13
Chubz
Honda-Tech Member
Garage is empty, add now
 
Chubz's Avatar
 
Join Date: Apr 2002
Location: NJ
Posts: 8,549
iTrader Rating: (0)
Send a message via AIM to Chubz
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by -Gary- View Post
Muffin Man is like, 1000% right. By the way though, Blackberry hasn't YET. (to my knowledge)

Blackberry is still king in the business world because of this. Security
__________________
Alba Gu Brath
Chubz is offline   Reply With Quote
Old 02-10-2011, 07:36 AM   #14
020
011
Garage is empty, add now
 
020's Avatar
 
Join Date: Jun 2002
Location: omicron persei 8
Posts: 1,184
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by TheMuffinMan View Post
Essentially, the hacking of iOS and OSx has begun. I have said it all along with everyone else. Apple has not been targeted in the past because they were not popular devices. Now they are gaining market-share they are being targeted and exploits are being found. Apple themselves have gloated it and blamed other companies for any vulnerability (see Adobe).

Phones are one of those devices that people CAN easily get physical access too, don't act like its some crazy thing. Exploiters use every available resource to exploit, "physical access" is a resource.
bingo. The OS is now an attractive target, and imo a fair bit of the brand image is that they are unhackable/virus proof.
020 is offline   Reply With Quote
Old 02-10-2011, 07:38 AM   #15
Johnny.
Widow's Son
Garage is empty, add now
 
Johnny.'s Avatar
 
Join Date: Dec 2002
Location: Mid-Atlantic
Posts: 4,989
iTrader Rating: (0)
Send a message via AIM to Johnny.
Default Re: Lost iPhone pwn3d in 6 minutes

This is the scary part:

"Among passwords that could be revealed were those for Google Mail as an MS Exchange account, other MS Exchange accounts, LDAP accounts, voicemail, VPN passwords, WiFi passwords and some App passwords"

..which leads to more vulnerabilities.
__________________
Comments or Statements made using this screen name are frequently made in jest. These statements do not represent the position of any organization or entity and should not be taken as factual commentary on any topic, to include the author.
Johnny. is offline   Reply With Quote
Old 02-10-2011, 07:47 AM   #16
junior40er
Honda-Tech Member
Garage is empty, add now
 
junior40er's Avatar
 
Join Date: Sep 2004
Location: u looked at my location LOL.
Posts: 2,730
iTrader Rating: (0)
Send a message via AIM to junior40er
Default Re: Lost iPhone pwn3d in 6 minutes

There's apps that will allow you to erase phone data remotely if you lose your phone.
__________________
My posts are for entertainment purposes only and not to be taken seriously.
junior40er is offline   Reply With Quote
Old 02-10-2011, 07:53 AM   #17
singlecamslamed
Stage 3 CLINGER!
1994 Mazda MX-5
 
singlecamslamed's Avatar
 
Join Date: Nov 2009
Location: LANCASTER
Posts: 3,377
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Apple. Lol. It's only a matter of time before they get hacked to ****. They're so high on their horse about "NO VIRUSES!!", that they spend zero time on security.
__________________
'94 Miata
singlecamslamed is offline   Reply With Quote
Old 02-10-2011, 07:57 AM   #18
MonkeyMagic
Honda-Tech Member
Garage is empty, add now
 
MonkeyMagic's Avatar
 
Join Date: Jan 2003
Location: can't find parking in baltimore
Posts: 3,151
iTrader Rating: (0)
Send a message via AIM to MonkeyMagic
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by TheMuffinMan View Post
Essentially, the hacking of iOS and OSx has begun. I have said it all along with everyone else. Apple has not been targeted in the past because they were not popular devices. Now they are gaining market-share they are being targeted and exploits are being found. Apple themselves have gloated it and blamed other companies for any vulnerability (see Adobe).

Phones are one of those devices that people CAN easily get physical access too, don't act like its some crazy thing. Exploiters use every available resource to exploit, "physical access" is a resource.
this

they were only virus proof because it wasn't worth the effort to translate the software and design a virus that would only affect a small percentage of the population.

but what if some day millions of people had apple products...
MonkeyMagic is offline   Reply With Quote
Old 02-10-2011, 08:12 AM   #19
Johnny.
Widow's Son
Garage is empty, add now
 
Johnny.'s Avatar
 
Join Date: Dec 2002
Location: Mid-Atlantic
Posts: 4,989
iTrader Rating: (0)
Send a message via AIM to Johnny.
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by junior40er View Post
There's apps that will allow you to erase phone data remotely if you lose your phone.
You're not getting the tenor of the article: 6 minutes and it's done.
__________________
Comments or Statements made using this screen name are frequently made in jest. These statements do not represent the position of any organization or entity and should not be taken as factual commentary on any topic, to include the author.
Johnny. is offline   Reply With Quote
Old 02-10-2011, 08:13 AM   #20
singlecamslamed
Stage 3 CLINGER!
1994 Mazda MX-5
 
singlecamslamed's Avatar
 
Join Date: Nov 2009
Location: LANCASTER
Posts: 3,377
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

By the time you notice that you lost your phone, it'll be well past 6 minutes.
__________________
'94 Miata
singlecamslamed is offline   Reply With Quote
Old 02-10-2011, 08:15 AM   #21
skateboard_ej8
Honda-Tech Member
Garage is empty, add now
 
skateboard_ej8's Avatar
 
Join Date: Nov 2006
Location: LB2ROSECRANS
Posts: 14,287
iTrader Rating: (4)
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by singlecamslamed View Post
By the time you notice that you lost your phone, it'll be well past 6 minutes.
Unless somebody is targeting you, you probably have more time than that to erase the phone data remotely.
__________________
Stock D16ZC 264hp/248ftlb 13.23 psi E85
skateboard_ej8 is offline   Reply With Quote
Old 02-10-2011, 08:26 AM   #22
Ash J. Williams
Good, Bad…I'm the one with the gun
2005 Acura MDX
 
Ash J. Williams's Avatar
 
Join Date: Jul 2002
Location: Trapped in time, Surrounded by evil, Low on gas
Posts: 5,226
iTrader Rating: (0)
Send a message via ICQ to Ash J. Williams Send a message via AIM to Ash J. Williams
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by esco562 View Post
They should implement a self destruct feature. I've said this before in another similar thread IIRC.
you can remotely erase the content, if lost.
Ash J. Williams is offline   Reply With Quote
Old 02-10-2011, 08:32 AM   #23
96hb
Honda-Tech Member
Garage is empty, add now
 
96hb's Avatar
 
Join Date: Aug 2003
Location: Edisto Beach
Posts: 1,909
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Someone should design a case to prevent this.
__________________
midori
96hb is offline   Reply With Quote
Old 02-10-2011, 08:56 AM   #24
White95SiHB
Honda-Tech Member
Garage is empty, add now
 
White95SiHB's Avatar
 
Join Date: Nov 2004
Location: N/A
Posts: 962
iTrader Rating: (0)
Default Re: Lost iPhone pwn3d in 6 minutes

Common sense should be used when using a device that has a high chance of getting lost and/or stolen.

I removed my email account from my iPhone since I knew there's always a chance that should I lose my phone, whoever finds it will have access to my email. I see free apps that enable you to store passwords for your various accounts, but I never get those since I'm sure someone knowledgeable would figure out how to crack those apps. And lastly, I never leave personal pics or videos on my iPhone. Pretty much if someone stole or found my iPhone they'll only see pics my crap. For some reason I like to take pics of all my awesome ***** and send them to chicks if I want them off my jock or send them to friends when I know they're eating.
White95SiHB is offline   Reply With Quote
Old 02-10-2011, 09:00 AM   #25
George Knighton
Grandpa
2000 Acura Integra
My Garage
 
George Knighton's Avatar
 
Join Date: Dec 1999
Location: Siege Perilous
Posts: 94,402
iTrader Rating: (0)
Send a message via AIM to George Knighton
Default Re: Lost iPhone pwn3d in 6 minutes

Quote:
Originally Posted by Just a n00b View Post
Cliffs?
Keep your iPhone in your pants when you're not using it.

Quote:
And since I dont have time to read, what can we do to protect our iPhone stored passwords
Do not use MS Exchange accounts. Use iMap instead. Exchange is notoriously insecure...this is the price we pay for letting Microsoft design and manage it.

Coordinate your information manually instead of relying on token_password routines that are easy to crack regardless of whether you are on iOS, Windows Mobile, Android or Blackberry.

All handsets are easy to crack. All of them. This is why the SELinux/iOS interface was designed for White House employees, but it requires some compromises that the typical user will not like.
__________________
2014 RLX Advance #6890 Forged Silver (current driver)
2010 TL 6-6 #988 SH-AWD Tech Palladium Metallic/Ebony (Sold)
2000 Integra Type R #110 K20A(*)
Sold.
George Knighton is offline   Reply With Quote
 
 
 
submit to reddit
Reply

Tags
4x, access, al, honda, iphone, keychain, locked, lost, min, minutes, mobile, motor, passwords, script, stored

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -8. The time now is 06:27 AM.



2008 Copyright, InternetBrands Inc.
Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

Honda and the Honda marquee are registered trademarks of the American Honda Motor Company, Inc. Neither American Honda Motor Company nor its subsidiaries or affiliates shall bear any responsibility for Honda-Tech.com content, comments, or advertising. Honda-Tech.com is not affiliated with American Honda Motor Company in any way. American Honda Motor Company does not sponsor, support, or endorse Honda-Tech.com in any way. Copyright/trademark/sales mark infringements are not intended or implied.
Emails & Contact Details