Encrypting your iPhone backups? Time to choose a better password

Greg Kumparak, Mobile Crunch, 2/8/2010

If you’re using the backup encryption method introduced in iPhone OS 3.0 and your password is something like “cat”, “sex”, or “tetherball”, you should probably change it to something a bit more complicated. There be hackers wantin’ your goods!

Password recovery software company ElcomSoft has just released an iPhone backup cracking tool called iPhone Password Breaker.

Now, now – don’t panic. Unlike yesterday’s exploit, this isn’t some new security hole to worry about. In fact, it’s a tale as old as hacking itself: good ol’ fashion bruteforce.

The iPhone Password Breaker application is dictionary-based, meaning it gains access by cycling through a massive dictionary of words and common passwords (like the aforementioned “cat”, “sex”, and “tetherball”) and their variations (such as “c4t”, “s3x”, and “t3th3rb4ll”) until it finds the right one.

As I mentioned, this method is by no means anything new – dictionary attacks are the oldest and most rudimentary form of hacking. Ever try to guess your friends password by typing in random things you’d associate with them? That’s a dictionary attack – just with a much smaller dictionary.

However, this is the first time to our knowledge that someone has built a dictionary application specifically targeting the iPhone’s backup manifest file. As long as you play it safe (use good passwords, keep your backups secure), you should be fine – just know that such tools exist now.

Trackback

Related posts:

1. Cracking software retrieves iPhone 4 passwords: No jailbreaking necessary Dan Goodin, The Register, 8/5/2010 A Russian password-cracking company has released software it says can recover passwords stored on Apple’s...
2. Web service automates WordPress password cracking John Leyden, The Register, 11/30/2009 Malefactors debut Hacking as a Service Hackers have developed a distributed WordPress admin account cracking...
3. Apple’s latest iPhone OS 4 beta adds customizable user dictionary AppleInsider Staff, AppleInsider, 5/20/2010 Users will be able to add and edit their own words to the iPhone’s dictionary when...

• TwitterCounter

• Categories

  • Mobile Technology (1318)
    • Android (516)
    • Blackberry (254)
    • iPhone (625)
    • Palm (HP) (148)
    • Symbian (90)
    • WinPhone (99)

• Archive

  Select Month February 2012  (2) January 2012  (19) December 2011  (15) November 2011  (18) October 2011  (15) September 2011  (26) August 2011  (27) July 2011  (14) June 2011  (22) May 2011  (21) April 2011  (20) March 2011  (24) February 2011  (19) January 2011  (27) December 2010  (22) November 2010  (30) October 2010  (31) September 2010  (37) August 2010  (30) July 2010  (22) June 2010  (46) May 2010  (46) April 2010  (50) March 2010  (119) February 2010  (132) January 2010  (112) December 2009  (126) November 2009  (89) October 2009  (101) September 2009  (36) August 2009  (8) June 2009  (12)

• Tag Cloud

  3G 4G API AT&T Bluetooth CDMA Cisco Clearwire Cloud CTIA EDGE Ericsson FCC Femtocell Flash GPS GSM Hotspot HP HSPA HTC HTML5 IM JailBreak Linux LTE Malware MiFi MMS Motorola NFC Nokia Push Samsung SDK Skype SMS Sprint T-Mobile Tether Verizon Vodafone VoIP WiFi WiMax

• UserOnline

  7 Users Online