Do you own an iPhone or iPad? You must have had tens or hundreds of iPhone applications installed on your device and may be using them to access online services that require your credentials. Scientists at the Fraunhofer Institute for Secure Information Technology(SIT) test laboratory in Germany have demonstrated how your lost iPhone or iPad can be jailbreaked to gain access to its command shell. This means an attacker can access the keychain to enter Apple’s password management system, enabling them to retrieve all your passwords entered from the device.
Scientists say that this attack over iPhone or iPad can be easily done by a software geek as in the iOS operating system, most of the files are accessible even if the device is locked. The researchers demonstrated how password in the keychain can be retrieved, save for the ones in other protection classes. The researchers claimed that with the removal of SIM card from the iPhone, they could also access very crucial passwords.
The researchers at the Fraunhofer Institute for Secure Information Technology conducted their tests with iPhone 4 and iPad WiFi+. Their basic approach was to get access to the file system, coping keychain access script to files system and executing the script. After using a jailbreaking tool to jailbreak the device and get access to its command shell, they ran a script to decrypt the passwords in the keychain. The decryption was done using the functions provided by default in the operating system itself. The researchers thus point out the hazards of losing an iPhone or iPad device. You can read the full research paper on the University’s Website.