Security researchers in Germany have discovered a security flaw that could potentially give hackers access to passwords stored on iPhones even if the devices are protected with a password lock. The exploit requires physical access to the iPhone, and took the researchers only six minutes to execute, according to PCWorld.
The security flaw was discovered by the Fraunhofer Institute Secure Information Technology.
Exploit exposes passwords on locked iPhones
“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” the research team said.
According to the research team, they were able to access passwords for GMail accounts, Microsoft Exchange accounts, LDAP, VPN logins, voicemail, applications and Wi-Fi networks.
The hack involves jailbreaking the iPhone, then installing an SSH server — tasks that aren’t beyond experienced user’s skill set, but average users may not be interested in undertaking.
Since the attack works on iPhones that are protected with passcodes, this isn’t something that a hacker is likely to try with the victim around. Instead, this is an attack that will more likely happen after an iPhone has been lost or stolen.
The security team is advising “Owner’s of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords” to protect against this potential attack.
Apple hasn’t commented on the exploit or said if a patch is in the works.