German researchers have found a way to break into a locked iPhone and steal passwords in just six minutes, without cracking the phone's passcode.
The researchers explained in video footage that the attack targets Apple's password management system, the keychain. If an iPhone or iPad is stolen, passwords for networks and corporate information systems can easily be misappropriated by crooks.
The researchers from the state-sponsored Fraunhofer Institute Secure Information Technology (Fraunhofer SIT), who conducted the study, say that the hack is based on existing exploits that provide access to large parts of the iOS file system even if a device is locked.
The first thing the researchers do is jailbreak the phone using existing software tools. They then install an SSH server on the iPhone, which allows them to run software on the phone.
After this they copy a keychain access script to the phone. The script uses system functions already present on the phone to read the keychain entries and, as a final step, outputs the account details it discovers to the attacker.
The researchers also explain why the attack works. The cryptographic key that protects these entries on current iOS devices is derived from material available within the device and is independent of the passcode. An attacker who has physical possession of the phone can therefore recreate the key from the phone itself, without having to recover the secret passcode.
Using the attack, researchers were able to access and decrypt passwords in the keychain, but not passwords in other protection classes.
Among the passwords that could be revealed were those for Google Mail configured as an MS Exchange account, other MS Exchange accounts, LDAP accounts, voicemail, VPN passwords, WiFi passwords and some app passwords. The researchers published a paper with full details of the attack's results.
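The protection class mentioned above is chosen by the app when it stores an item, and it decides whether the item's key is tied to the passcode at all. As an added illustration (not code from the Fraunhofer paper or from Apple), this Swift snippet stores the same secret once under a class that is readable without the passcode after the first unlock and once under a class bound to the unlocked, passcode-protected state; the service names, account and secret are constructed sample values.

```swift
import Foundation
import Security

// Store a generic-password item under a caller-chosen protection class.
// The class is what determines which key wraps the item, and thus whether
// the passcode is needed to read it back.
func storeSecret(service: String, account: String, secret: Data,
                 accessible: CFString) -> OSStatus {
    // Remove any stale copy first so SecItemAdd does not fail with errSecDuplicateItem.
    let lookup: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(lookup as CFDictionary)

    var item = lookup
    item[kSecValueData as String] = secret
    item[kSecAttrAccessible as String] = accessible
    return SecItemAdd(item as CFDictionary, nil)
}

// Read an item back; returns nil if it is absent or not accessible right now.
func readSecret(service: String, account: String) -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess else {
        return nil
    }
    return result as? Data
}

// Constructed sample values; "hunter2" is not a real credential.
let secret = Data("hunter2".utf8)

// Weak: once the device has been unlocked a single time after boot, the item
// is readable without the passcode by anything that reaches the file system.
let weak = storeSecret(service: "example.vpn.weak", account: "alice",
                       secret: secret, accessible: kSecAttrAccessibleAfterFirstUnlock)

// Stronger: the wrapping key is only available while the device is unlocked,
// and ThisDeviceOnly keeps the item out of backups and off other devices.
let strong = storeSecret(service: "example.vpn.strong", account: "alice",
                         secret: secret, accessible: kSecAttrAccessibleWhenUnlockedThisDeviceOnly)

assert(weak == errSecSuccess && strong == errSecSuccess)
assert(readSecret(service: "example.vpn.strong", account: "alice") == secret)
```

Run on a device or simulator with a passcode set; the read of the stronger item succeeds only while the device is unlocked, which is the property the weaker class gives up.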