Researchers crack default iPhone Personal Hotspot passwords in under a minute
The default generated passwords protecting the mobile hotspot feature of Apple's iPhones and iPads are weak and flawed, according to a group of German researchers claiming to be able to crack iOS Personal Hotspot keys in less than a minute.
In a paper (PDF) titled "Usability vs. Security: The Everlasting trade-OFf in the Context of Apple iOS Mobile Hotspots," researchers from the University of Erlangen demonstrate that iOS generates weak default passwords for its mobile hotspot feature. The researchers found that the mobile hotspot feature is quite susceptible to brute force attacks on the WPA2 handshake.
The paper holds that iOS generates its default passwords based on a word list of roughly 52,500 entries, though iOS apparently relies on about 1,842 of those entries. Additionally, the process for selecting words from the list is insufficiently randomized. That leads to a skewed distribution of words that go into default passwords. That skewed distribution apparently makes it easier to crack a device's password.
Using a GPU cluster with four AMD Radeon HD 7970s, the researchers claimed a 100 percent success rate in cracking iOS-generated passwords. Over the course of the experiment, the researchers got the time to retrieve a password down to around 50 seconds.
The paper notes that "access to a mobile hotspot also results in access to services running on a device." It points to apps like AirDrive HD and other wireless sharing apps as the first easily accessible services once access to the device has been gained.
Besides access to certain apps on the device, the paper also notes that computers and other smart devices connected to the hotspot could also be affected. Additionally, an attacker might be able to intercept messages passing between connected devices and the mobile hotspot.
The researchers write that the entire process of identifying targets, deauthenticating wireless clients, capturing WPA handshakes, and cracking hotspot default passwords could easily be automated. The team even built an app ? Hotspot Cracker ? in order to automate the word list generation process. The computing power necessary to brute force crack the password, they say, could be supplied by cloud computing services.
In all, the paper notes that the tendency for device manufacturers to make their default hotspot passwords easily memorizable is the main cause of the vulnerability. The researchers call for truly randomized passwords to be the default setting for mobile hotspot-capable devices.
"In the context of mobile hotspots," the report concludes, "there is no need to create easily memorizable passwords. After a device has been paired with once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections."
The paper also notes that Windows Phone 8 and Android devices can be vulnerable to similar attacks. Android by default generates tougher passwords, but many vendors modify the system for their own devices and change the password settings. Windows Phone 8 passwords consist of only eight-digit numbers, giving hackers a search space of 10^8 candidates.
In a paper (PDF) titled "Usability vs. Security: The Everlasting trade-OFf in the Context of Apple iOS Mobile Hotspots," researchers from the University of Erlangen demonstrate that iOS generates weak default passwords for its mobile hotspot feature. The researchers found that the mobile hotspot feature is quite susceptible to brute force attacks on the WPA2 handshake.
The paper holds that iOS generates its default passwords based on a word list of roughly 52,500 entries, though iOS apparently relies on about 1,842 of those entries. Additionally, the process for selecting words from the list is insufficiently randomized. That leads to a skewed distribution of words that go into default passwords. That skewed distribution apparently makes it easier to crack a device's password.
Using a GPU cluster with four AMD Radeon HD 7970s, the researchers claimed a 100 percent success rate in cracking iOS-generated passwords. Over the course of the experiment, the researchers got the time to retrieve a password down to around 50 seconds.
The paper notes that "access to a mobile hotspot also results in access to services running on a device." It points to apps like AirDrive HD and other wireless sharing apps as the first easily accessible services once access to the device has been gained.
Besides access to certain apps on the device, the paper also notes that computers and other smart devices connected to the hotspot could also be affected. Additionally, an attacker might be able to intercept messages passing between connected devices and the mobile hotspot.
The researchers write that the entire process of identifying targets, deauthenticating wireless clients, capturing WPA handshakes, and cracking hotspot default passwords could easily be automated. The team even built an app ? Hotspot Cracker ? in order to automate the word list generation process. The computing power necessary to brute force crack the password, they say, could be supplied by cloud computing services.
In all, the paper notes that the tendency for device manufacturers to make their default hotspot passwords easily memorizable is the main cause of the vulnerability. The researchers call for truly randomized passwords to be the default setting for mobile hotspot-capable devices.
"In the context of mobile hotspots," the report concludes, "there is no need to create easily memorizable passwords. After a device has been paired with once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections."
The paper also notes that Windows Phone 8 and Android devices can be vulnerable to similar attacks. Android by default generates tougher passwords, but many vendors modify the system for their own devices and change the password settings. Windows Phone 8 passwords consist of only eight-digit numbers, giving hackers a search space of 10^8 candidates.
Comments
Then it will be fixed in an update, just like Apple usually does.
Big. Frickin. Deal.
In the meantime, remain suspicious of strangers who move alongside you continuously...
Augmented solution: keep an eye on the status bar that shows how many devices are connected.
Love the title 'researchers'. I am a researcher in breaking into people's houses. Should I get in I research their bedroom drawers.
Yeah yeah, I know. Its valid and all that but were they always called researcher? Or are they researchers by daytime, only?
This same article was on 9 to 5 Mac and pretty much you would have to carry around a BIG computer and gear to accomplish this.
Can you imagine walking into your local coffee place with all that stuff? Right.....
Quote:
Originally Posted by HappyAppleUser
This same article was on 9 to 5 Mac and pretty much you would have to carry around a BIG computer and gear to accomplish this.
Can you imagine walking into your local coffee place with all that stuff? Right.....
Most things that you can do with a "big computer" can be done with the big computer located elsewhere. I suspect someone could turn a generic smartphone into a front end for this pretty easily.
This is a good example of how these kinds of vulnerabilities should be discovered, reported, and (presumably) fixed. I'm surprised the Apple security guys didn't catch this sooner. Or perhaps they did and how they are having a "we told you so" moment.
Quote:
Originally Posted by Steven N.
Does anyone know how many authentication attempts iOS can handle per second? This based on how fast they could generate passwords but they never actually logged into system from I could tell. The 1 minute try was at 390,000 guesses per second and would need about 100,000,000 BITS per second bandwidth.
Wow. Excellent question. That sounds more like a denial of service attack vulnerability when you put it like that.
As usual another overhyped news about nothing, here is why:
1) I don't know anyone who keeps their Wi-fi tethering ON when they don't use it for a) battery concern and b) privacy concern.
2) When the internet sharing is in uses to the iPhone is instantly notify it on the home screen.
3) It's a brute force hack who needs the iPhone to be in range.
4) No private data on the iPhone is at risk (Airdrive and other third party sharing solution are sandboxed), the only price for the attacker is to momentary gain a free wireless Internet access. According to the article, the hacker teams said it could develop an Smartphone Apps with help of cloud computing. I fail to see the usefulness of hacking others internet services when you already have one.
I've got way more concern about Wi-Fi insecurity on domestic router or public honeypots than generated password for iPhones personnal hotspot.
And in my experience, to connect reliably you have to turn hotspot off and back on again before you want to connect just to make it active. So any attempt to crack into your phone and use your data plan would have to be extraordinarily targeted.
Originally Posted by HappyAppleUser View Post
>This same article was on 9 to 5 Mac and pretty much you would have to carry around a BIG
>computer and gear to accomplish this. Can you imagine walking into your local coffee place with
>all that stuff? Right.....
Like the newly announced Mac Pro that fits in a shoulder bag, has a 12core Xeon and dual GPU's? Then, too, the researchers suggest it could be cracked via the cloud, so the Starbucks-local hardware need only be a prior-gen iPod Touch w/ a WiFi connection. Beware nerdy-looking coffee sippers with white ear-buds and wearing a tinfoil hat! They could be hacking you right now.
Sounds pretty simple. I wonder how long the NSA has been exploiting this.
Ah! Ze Germans.
McD
Especially if they're holding a GPU cluster with four AMD Radeon HD 7970s in their hands.
The way this attack works is not attempting to connect to the phone repeatedly. That wouldn't work. What happens is that they monitor the wireless data going to the phone, waiting for network authentication to occur. ie, when you turn on your laptop and start the connection. This traffic is in an encrypted form. So they take this data and run it through their program to determine what the key is.
The hardware needed to read the encrypted data floating in air can be as simple as another phone. This can then be sent to the power computer to decrypt, and then return the data back to the phone. No big computer is needed onsite for this to work.
Now, for this to work, they have to capture the exact data at the time that you authenticate to the network. If your hot spot is on, but nobody is attempting to tether, they cannot gain access to the key. This means there's no need to turn off the hotspot feature when you're not using it in an effort to prevent this attack. There are ways to trick connected devices into reauthenticating their connections, so during the duration of your connection, you are vulnerable to this attack.
Now, of course, if they do connect to your device, there is going to be a notification on the screen. However, if your phone is in your pocket, you won't necessarily see that.
For most people, the risk of using the auto generated password is minimal. In fact, it's better than 12345 that they would probably enter on their own. Having Apple put a more difficult auto password in the phone would result in people changing it to easy to guess passwords, so 'fixing' the problem would likely make things worse. A simple solution is when you see the default password, CHANGE it to something more complex. Random letters and numbers are no more complex than strings of words for a computer to guess. A34fD#'cG is hard for a human to remember. thehorseateyellowbutterflies is relatively easy to remember. But for a computer guessing, the latter would be far more difficult.
So someone sets up a smartphone as a front end being connected to a computer (presumably through the Internet) and manages to crack the password for... What? The Internet? He must already have that to access his "big computer located elseware". Am I missing something here? What does someone gain by cracking the password other than a hotspot that will eat up my data allowance?
With all the "stay away from geeks with GPU clusters on their back" and "just keep a close eye on your connections", there seem to be some serious misconceptions in this thread. Based on the information in this report, the following would be a more plausible scenario.
Let's say I go by 'Mr. Hacker', and am bored one afternoon. That afternoon, I decide to go to a place where I know mobile hotspots are in high use; like a train station. I pull out my cell phone to monitor wireless traffic and capture a WPA handshake that takes place when a wireless connection first authenticates. Oh look....there you are turning on your laptop and fiddling with your phone...any second now. Bingo...we have our WPA handshake to get us moving.
I then send your WPA handshake down to my retired bitcoin miner at home with more than enough GPU power to hash away at lightning speed. Less than a minute later, I now have your cracked password, with your derived PMK and PTK. So what to do next? Connect to your phone now that I know your password? Heck no! Only an idiot would do that! With your PMK, PTK, and spoofing your laptop's MAC address...as far as your phone knows...I AM YOUR LAPTOP! No new connection required.
What to do now? Well...let's first try to SSH and see if that bad boy was jailbroken. If so...I can do anything I want with it! Or maybe I'll just capture all your traffic to analyze for later. You would be shocked to know how many username and passwords are transmitted over unencrypted POST vars! If I'm really sophisticated, maybe I'll play a man-in-the-middle attack when you go to check your bank account. The possibilities are truly endless!
Not necessarily. Password crackers incorporate dictionaries and commonly used patterns into their algorithms. A string of five randomly generated characters (even if you restrict the character set to something like lowercase letters) will always beat a five letter word or a two and three letter word put together. Though, in general you are right. It is much easier for humans to remember a string of words (even if they are randomly chosen, like they should be) than it is to remember a random string of characters.
Quote:
Originally Posted by e_veritas
With all the "stay away from geeks with GPU clusters on their back" and "just keep a close eye on your connections", there seem to be some serious misconceptions in this thread. Based on the information in this report, the following would be a more plausible scenario.
Let's say I go by 'Mr. Hacker', and am bored one afternoon. That afternoon, I decide to go to a place where I know mobile hotspots are in high use; like a train station. I pull out my cell phone to monitor wireless traffic and capture a WPA handshake that takes place when a wireless connection first authenticates. Oh look....there you are turning on your laptop and fiddling with your phone...any second now. Bingo...we have our WPA handshake to get us moving.
I then send your WPA handshake down to my retired bitcoin miner at home with more than enough GPU power to hash away at lightning speed. Less than a minute later, I now have your cracked password, with your derived PMK and PTK. So what to do next? Connect to your phone now that I know your password? Heck no! Only an idiot would do that! With your PMK, PTK, and spoofing your laptop's MAC address...as far as your phone knows...I AM YOUR LAPTOP! No new connection required.
What to do now? Well...let's first try to SSH and see if that bad boy was jailbroken. If so...I can do anything I want with it! Or maybe I'll just capture all your traffic to analyze for later. You would be shocked to know how many username and passwords are transmitted over unencrypted POST vars! If I'm really sophisticated, maybe I'll play a man-in-the-middle attack when you go to check your bank account. The possibilities are truly endless!
Great scenario, its much easier to open an unencrypted Wi-fi in public places and lets any devices connect to it and then do what ever man-in-the-middle attack you want, pretty simple without any brute force key decryption.
Quote:
Originally Posted by e_veritas
With all the "stay away from geeks with GPU clusters on their back" and "just keep a close eye on your connections", there seem to be some serious misconceptions in this thread. Based on the information in this report, the following would be a more plausible scenario.
Let's say I go by 'Mr. Hacker', and am bored one afternoon. That afternoon, I decide to go to a place where I know mobile hotspots are in high use; like a train station. I pull out my cell phone to monitor wireless traffic and capture a WPA handshake that takes place when a wireless connection first authenticates. Oh look....there you are turning on your laptop and fiddling with your phone...any second now. Bingo...we have our WPA handshake to get us moving.
I then send your WPA handshake down to my retired bitcoin miner at home with more than enough GPU power to hash away at lightning speed. Less than a minute later, I now have your cracked password, with your derived PMK and PTK. So what to do next? Connect to your phone now that I know your password? Heck no! Only an idiot would do that! With your PMK, PTK, and spoofing your laptop's MAC address...as far as your phone knows...I AM YOUR LAPTOP! No new connection required.
What to do now? Well...let's first try to SSH and see if that bad boy was jailbroken. If so...I can do anything I want with it! Or maybe I'll just capture all your traffic to analyze for later. You would be shocked to know how many username and passwords are transmitted over unencrypted POST vars! If I'm really sophisticated, maybe I'll play a man-in-the-middle attack when you go to check your bank account. The possibilities are truly endless!
Thanks for filling in the actual process of how this would work.