It took only 6 minutes for a team of scientists from the Fraunhofer Institute for Secure Information Technology to pull most of the accounts-related data, including passwords, from a password-protected iPhone.
This attack is based on the already known iPhone hacking methods and requires a physical connection to the device, aiming at its password management system called Keychain.
First of all, the phone is “jailbroken” using publicly available tools. After that, the hacker installs an SSH server on the device and uploads a script that, once executed, pulls all the details of the accounts found in the Keychain system records.
The researchers say that this vulnerability still exists because the cryptographic key in the current iOS versions is not bound to the device blocking code.
The Keychain system can store email account passwords, access details for MS Exchange services, VPN and Wi-Fi access point data and passwords for some user’s applications.
Hoverwatch secretly watches over the phones of your children or staff members, recording calls, camera, spy on SMS, MMS, WhatsAPP, internet activity, calendar, contacts, and geodata (GPS).
More from Refog Blog
Tags: Apple, Information Security, Protection