If you frequently use your iPhone as a wireless hotspot you might want to listen up: researchers from the Friedrich-Alexander University in Germany found that they were able to crack the default pre-shared key (PSK) authentication method in iOS 6 (and below) in 24 seconds. While users can always set their own pre-shared key, many mobile devices including the iPhone often propose a default one for the user. It’s this default key that the researchers have issue with.
“We found out that hotspot default passwords consist of 4 to 6 characters, followed by a four-digit number,” the researchers explained. “As this scheme enables only a very limited number of possible password combinations, the limited search space already makes the mobile hotspot feature of Apple susceptible to brute force attacks on the WPA handshake.”
This is a huge problem. If someone gains access to your Internet connection you are responsible for the activities they perform while they’re connected, the researchers warn, and it also exposes all of your phone data to hackers, and could enable them with the ability to install unauthorized software.
The group used the aforementioned brute force attacks, combined with an open-source Scrabble word list, to hack the passwords 100 percent of the time, though that method took about 49 minutes. The scientists then reverse engineered the method iOS uses to generate its passwords, which drastically eliminates the number of entries it needs to try in order to find a successful word match. It turns out that Apple only chooses one of 1,842 different words when it generates a mobile hotspot passwords, and using those words and the group’s own custom hacking app, the researchers were able to crack a default iOS hotspot password in just 24 seconds. That method was on a computer with four AMD Radeon HD 7970 graphics processing units (GPUs). It took 52 seconds with a computer running a single AMD Radeon HD 6990 GPU and three minutes 18 seconds with two NVIDIA Tesla 2075 GPUs.
The most common words that are used include suave, subbed, headed, head, header, coal, ohms, coach, reach and macaws, and the researchers said those words are 10 times more likely to turn up in the password generation than any other words in the dictionary.
The group also tested Windows Phone 8 devices, which it said would be “practicable” to hack, and Android. They found that HTC devices that use a simple 1234567890 string by default are particularly insecure, but did not draw final conclusions on either platform.
Lesson learned? Set your own hotspot password, and make it a good one.