Researchers Crack iOS Mobile Hotspot Passwords In Less Than a Minute

msm1267 writes "Business travelers who tether their iPhones as mobile hotspots beware. Researchers at the University of Erlanger-Nuremberg in Germany have discovered a weakness in the way iOS generates default passwords for such connections that can leave a user's device vulnerable to man-in-the-middle attacks, information leakage or abuse of the user's Internet connection. Andreas Kurtz, Felix Freiling and Daniel Metz published a paper (PDF) that describes the inner workings of how an attacker can exploit the PSK (pre-shared key) authentication iOS uses to establish a secure WPA2 connection when using the Apple smartphone as a hotspot. The researchers said that attackers would find the least resistance attacking the PSK setup rather than trying their hand at beating the operating system's complex programming layers."

less than a minute?

[noh8rz10]

to be fair, it took them more than a week to crack it, but now that they've cracked it a hotspot password can be cracked in 50 seconds. a big difference I think.

Re:less than a minute?

[girlintraining]

to be fair, it took them more than a week to crack it, but now that they've cracked it a hotspot password can be cracked in 50 seconds. a big difference I think.

Not to an attacker. Google "rainbow tables" sometime, and then realize that even strong passwords up to 16 characters in length are currently crackable in mere seconds. 50 seconds is pathetically slow for the sophisticated attacker today.

Re:less than a minute?

[Russ1642]

Rainbow tables are useless against properly salted passwords. Anyone not using a salt in this day and age is begging to be hacked.

Re:less than a minute?

[CastrTroy]

And rainbow tables are also only good if the attacker has access to your password file. If untrusted people have access to your password file, you already have some problems. The only case where the attacker should have access to the password file would be if they had physical access to the machine, in which case you'd better trust them to some degree anyway. However, what frequently ends up happening, is that remote systems are hacked into and password files are downloaded, and analyzed using a rainbow table. Sure the salting of passwords would have helped a little in this situation, but the glaring problem is that they hacker should have never been able to obtain the password file in the first place.

Re:less than a minute?

[LordLimecat]

Completely different scenarios. Rainbow tables only work when you have access to hashed passwords. They also run into trouble with salts. They also run into trouble when you change hash algos (have to re-generate the tables).

Re:less than a minute?

You really put a lot of effort into _sounding_ like you know what you talk about, yet I notice you didn't offer any solutions on how to stop said hacker from obtaining the password file. It goes without saying that due to the nature of security vulnerabilities, there is always going to be some point at which your system is vulnerable and no one other than the person looking for exploits knows about it. Researchers and the companies themselves will catch on eventually, but they call them 0-day exploits for a reason -- a skilled hacker can poke holes in your preventative measures and get at that password file anyway.

It's quite fine to say "that hacker shouldn't have had access to the password file in the first place," most IT admins, even the inept ones, are aware of that. It goes without saying. "Untrusted" people are constantly looking for ways of getting at that file and others, just because you've made a gated community out of your server doesn't mean someone isn't going to break in.

So what is the solution then? Since you seem to make it out to be so glaringly obvious, what is the be-all-end-all solution that will absolutely gurantee that a hacker will never be able to access your password file without your permission? I gurantee you, if the answer is as easy as you seem to think it is, you have a fine career in computer security ahead of you. Finer than everyone else in fact, because if you had that power of cognition you'd have made the entire security industry obsolete. "Oh, he can stop any hacker of any sort, using any method against any platform. Might as well throw in the towel." Even if you -had- there would still be some dedicated person working to prove you wrong.

Re:less than a minute?

[noh8rz10]

what is a rainbow table?

Re:less than a minute?

Well said. He sounds like middle management.

Re:less than a minute?

[duk242]

Here you go: http://en.wikipedia.org/wiki/Rainbow_table
In short: It's a precomputed set of hashes, you can spend as long as you like generating the hashes beforehand and putting them into the rainbow table, then when it comes time to crack the password you just match the hash up with the one you've hacked. Of course, if they're salted or using a different method to generate the hash than your rainbow table, you're screwed :P

Re:less than a minute?

I defer to my gay and/or lesbian gurus who are the only ones who can truly answer.

Re:less than a minute?

[CastrTroy]

Sure you're right, both should be done, but it's still a little unsettling how often password files are retrieved from large sites. Whenever I see a security bulletin stating "Password file compromised, but it was salted and hashed" I think people are missing the whole problem. If they were able to obtain the password file, what other information were they able to make away with?

Could at least get the Uni name right

It's not Erlanger, it's Erlangen.

Argh!

[girlintraining]

the operating system proposes four-to-six-character passwords generated from a default list of 1,842 words and then tags on a random four-digit number.

*facepalm* Dinopass does a better job of picking good passwords than Apple, and it's designed for children. For the largest company on the planet, this is really, painfully, sad. In other news, this isn't a weakness in the crypto per-se -- it's making a suggestion. The user still has the option of picking something more secure.. so it's not entirely Apple's fault if your hotspot gets p0wned.

Re:Argh!

and it's designed for children

So, like Apple.

Re:Argh!

[54mc]

For reference, that means there's 18,420,000 combinations.

Re:Argh!

[NeoMorphy]

and it's designed for children

So, like Apple.

That was not necessary. You shouldn't imply that they are that ignorant.

Re:Argh!

For the largest company on the planet

Nope.

Re:Argh!

[sl4shd0rk]

Dinopass does a better job of picking good passwords than Apple

Nice! I finally have an awesome root pass!
+otalDingle48

Re:Argh!

the operating system proposes four-to-six-character passwords generated from a default list of 1,842 words and then tags on a random four-digit number.

*facepalm* Dinopass does a better job of picking good passwords than Apple, and it's designed for children. For the largest company on the planet, this is really, painfully, sad. In other news, this isn't a weakness in the crypto per-se -- it's making a suggestion. The user still has the option of picking something more secure.. so it's not entirely Apple's fault if your hotspot gets p0wned.

PGP and S/Key word lists (as well as Diceware) allow one to turn a set of bits/hex values into words:

http://en.wikipedia.org/wiki/Biometric_word_list
http://en.wikipedia.org/wiki/S/KEY#Usability
http://en.wikipedia.org/wiki/Diceware

Just grab the desired amount of entropy from /dev/random and generate the text.

I'm guessing Apple simply decided to go for convenience instead of security.

Re:Argh!

[cbhacking]

Or (in the terms that people in this area usually think in) just over 24 bits of entropy. (~24.135)

That is absurdly low for an auto-generated single-use password.

Re: Argh!

Yeah, I've met some really smart children who would be offended.

Re:Argh!

[girlintraining]

Nope.

* By market capitalization.

Re:Argh!

[retchdog]

The researchers say that the words are not picked uniformly at random, so it's actually fewer bits than that.

It's not hard to see why apple makes it this way: it's so that it's easy for you to share the password with people, and so that it's uniformly easy to type in on smartphones and tablets which reliably have only alphanumerics (and minimal punctuation) on the default keyboard.

Most people don't care about this stuff, and if you do you can change it. Apple understands that ease-of-use is king. That's why they make money.

Re:Argh!

So you mean that they fleece the money out of their users?

Captcha: truthful

Re:Argh!

For reference, assuming 62 symbols (uppercase, lowercase and digits):

A random 4-char password has 14,776,336 combinations (23.8 bits of entropy).
A random 8-char password has 218,340,105,584,896 combinations (47.6 bits).
A random 16-char password has 47,672,401,706,823,533,450,263,330,816 combinations (95.3 bits).

If a given cracking program can crack your 8-char password in 10 seconds, then it can crack your 4-char password in a mere 680 nanoseconds, or your 16-char password in 69 million years.

tl;dr: My 3-year old nephew could probably guess your 4-char password by asking "is it XXXX?" for a few days, but your great^thousandth grandchild will still have trouble cracking your 16-char password on whatever they call supercomputers after the start of the next ice age.

Re:Argh!

[Anubis+IV]

Not to defend it too much, since I agree that this is rather silly of Apple to have done, but we do need to remember that these hotspots are transient, and that for them to be attacked, an attacker would have to both know the location of one and when it will be there. That said, if someone were in a routine that an attacker was aware of, it would be fairly trivial to use this attack against them, and even if they generated a new password, they'd still face the issue again.

Re:Argh!

So you mean that they fleece the money out of their users?

Captcha: truthful

They may or may not "fleece the money out of their users".
Yet that has absolute nothing to do with market capitalization.

You have a right to be ignorant. But do you really need to be so blatantly pathetic about it?

Simple.

[Bill_the_Engineer]

Don't use default passwords.

Re:Simple.

The original article implied that IOS6 users were no longer able to choose their own password. I would hope and expect that this isn't true, but that's what they implied, and I wouldn't put it past Apple to do something like that. The word choice is a naughty word for Apple.

Re:Simple.

According to Apple, Apple customers pay Apple to make their choices for them.

Apple

Re:Simple.

[Aaden42]

Indeed this is not true. I use mobile hotspot on iOS6 (iPhone 4S). Default password was pathetic, but easily changed.

Internet Abuse

[Major+Ralph]

abuse of the user's Internet connection

I abuse my internet on a daily basis.

Re:Internet Abuse

[antdude]

Me too. Although, a few times the owners (e.g., ISPs) did complain and even kick me off. :(

Fixed in iOS 7

[eecue]

FWIW, this has been fixed in iOS 7, it is now totally random.

Re:Fixed in iOS 7

Proof?

Re:Fixed in iOS 7

[adolf]

Nothing is totally random.

Man in the Man in the Middle

It's okay, I'll just ask the NSA who has been listening in.

Re:Really?

So, someone else might be able to jump onto your phone data when you are tethering... however to do so they need to lug around a big computer tower with a bunch of GPUs plugged in, and only if you use the default password.

This is very much a non-story. Most people using tethering will have it enabled when they need it then turn it off (otherwise major battery drain), so they might be able to use your internet for a little bit but then they'll be left with nothing. And it's really really easy to change the default password, on the screen to enable mobile hotspot on your phone the password is displayed, tapping on it gives you the keyboard to change it. This was the way it worked from the beginning of IOS tethering.

With changing the password being so easy, how many people who use tethering would leave it at the default? Most people I know would change it just to make it more personal and memorable.

The tower-full of GPUs doesn't have to be on-site. One can always transfer the captured handshake to a remote system for cracking. Of course, this renders the goal of getting a little free wireless broadband pointless (as it supposes an attacker already has some kind of network access).

Re:Really?

[Wookact]

So, someone else might be able to jump onto your phone data when you are tethering... however to do so they need to lug around a big computer tower with a bunch of GPUs plugged in, and only if you use the default password.

I read the article, It said nothing about lugging around a computer filled with GPU. I would be willing to bet my laptop could handle that.

“The app also gives explanations and hints on how to crack a captured WPA handshake using well-known password crackers,” the paper said. “Future releases might also automate the process of capturing and cracking hotspot passwords. As computing power on smart devices is limited, one solution is to involve online password cracking services like CloudCracker, to crack hotspot passwords on-the-fly.”

In fact it sounds as if it may even be feasible without the laptop.

Re:Really?

Thank god there's nothing that has a GPU inside of it that could fit in a pocket or a small purse / backpack -- sorta like how my Galaxy Nexus doesn't have a GPU that you could use. Certainly doesn't fit in my pocket either.

Well...

Okay, this isn't great, but let's keep it real. They're not hacking into your phone, they're accessing its hotspot. They just get free Internet. Whoo-hoo! Also, if someone actually manages to figure out the password, you get a big blue throbbing bar at the top of the screen telling you someone's using your hotspot.

Not surprising

[slashmydots]

Apple knows security about as well as I know Portuguese. I do not know Portuguese, lol. They're so obsessed with "just make it work" and "make it user friendly" that they toss security out the window just as quickly as Lexus did and now you can hack one and drive away in 2 minutes.

Ancient Hoax

[Cajun+Hell]

..in iOS 6 for example, the operating system proposes four-to-six-character passwords generated from a default list of 1,842 words and then tags on a random four-digit number.

I think I can explain what happened.

First of all, this story is a dupe. It originally ran on April 1st, 1990. At the time, the story was about "System 6" but some recent tech media editor thought that meant "iOS 6" (I'll explain how the mistake happened, below). That explains the pre-mass-mainstream approach to passwords.

Secondly, even the 1990 story was a hoax. By the standards of the day, that was still such a stupid way to generate passwords, that no one would do it.

Third, the story was written by a guy who turned out to be working at Microsoft. The whole point of the hoax was to make the Newton tablet look stupid, a mis-engineered travesty designed by utterly clueless morons. The 2013 tech media editor saw "Newton" and knew that couldn't be right, which is how it became iOS. Newtons didn't really run System 6, but the original Microsoft author didn't know that.

In short, this is about stupidity that is so stupid, that people didn't do things that stupidly, even back when your mother hadn't heard of the Internet yet.

Just kidding. It's a modern story, but I just wanted to point out that even the most absurd bend-over-backward-to-rationalize-things explanation for behavior this stupid, still isn't very convincing. No field can distort reality to the required degree.

Re:Really?

I've also never walked around with an dual FPGA board in a pocket.

Brief Comparison to other Platforms

[Plumpaquatsch]

Other mobile platforms might be affected by these deficits as well. Although, we did not analyze other platforms in detail, spot-checks have revealed that default passwords in Windows Phone 8 consist of only 8-digit numbers. As this results in a search space of 108 candidates, attacks on Windows-based hotspot passwords might be practicable. Moreover, while the official version of Android generates strong passwords2, some vendors modified the Wi-Fi related components utilized in their devices and weakened the algorithm of generating default passwords. For instance, some Android-based models of the smart- phone and tablet manufacturer HTC are even shipped with constant default passwords consisting of a static string (1234567890) [26]. However, future studies will be necessary to evaluate the security level of mobile hotspots on other platforms in more detail.

Re:Brief Comparison to other Platforms

[jeremyp]

In a sense, it would have been better for Apple to do that. The hotspot password is displayed directly below the switch that turns the hotspot on. If I had seen it said "1234567890" the first time I used personal hotspot, I would have immediately changed it to a reasonably strong password.

However, the password that was displayed was "mucked3879" which I just assumed was generated randomly and didn't change until I first heard about this vulnerability.

word list

I didnt see a link to the word list in the article. Anyone know where to find it?