German Hackers Exploit iPad and iPhone Security Flaw to Reveal User’s Passwords
Researchers from the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, have demonstrated how easily criminals can crack an iPad or iPhone to reveal a user’s sensitive information. The researchers were able to take an iPhone running a standard version of Apple’s iOS operating system and extract all passwords from the device in under six minutes. The same method could also be used to hack an iPad or iPod Touch.
The security flaw essentially allows anyone to circumvent the iPad’s and iPhone’s encryption and gain access to all passwords stored in the iOS keychain. With the newly gained passwords, a criminal could use the information to break into a user’s online accounts, potentially providing them access to e-mails, banking information, medical records, corporate logins or other sensitive information.
For someone to use this new cracking method, they need physical access to the user’s iPad or iPhone. Once a hacker has access to the device, they simply connect it to a PC and run a few basic software scripts to gain access to the user’s passwords.
“This opinion we encountered even in companies’ security departments”, says Jens Heider, technical lab manager at the Fraunhofer Institute for Secure Information Technology. “Our demonstration proves that this is a false assumption. We were able to crack devices with high security settings within a very short time.”
Because a hacker can gain access to all the passwords stored on an iPhone or iPad, a user who loses their device, even for only a short period of time, could have their security compromised. The Fraunhofer SIT recommends that users who have lost their iPad or iPhone should change all their passwords, even those for online sites they may have visited from their iPad or iPhone. Only these steps will ensure a hacker with stolen passwords can’t access a user’s online accounts and potentially steal sensitive information or alter user data.




