Researchers able to predict Apple iOS-generated hotspot passwords

#1
Forum Member
Join Date: May 2006
Posts: 25,199
Researchers able to predict Apple iOS-generated hotspot passwords
"This list [of words] consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password," the researchers wrote.

#2
Forum Member
Join Date: Jul 2005
Posts: 3,474
Quote:
Researchers able to predict Apple iOS-generated hotspot passwords
"This list [of words] consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password," the researchers wrote.
I'm guessing that people aren't 'using' the hotspots right though

#3
Forum Member
Join Date: Apr 2005
Location: Scotland
Posts: 4,967
Who keeps their password default? Problem solved!

#4
Forum Member
Join Date: Jul 2002
Location: North Ayrshire
Posts: 11,399
Shouldn't affect many people, as hardly any carriers allow you to use the hotspot feature by default anyway.

#5
Forum Member
Join Date: Sep 2008
Location: At college, in L.A.'s office
Posts: 54,221
What about Android-generated hotspots?

#6
Forum Member
Join Date: Aug 2009
Posts: 27,438
Quote:
What about Android-generated hotspots?

#7
Forum Member
Join Date: Apr 2005
Posts: 13,091
Quote:
You can choose your own password for Android hotspots. It does generate passwords as well, but that system has not yet been compromised as it has on iOS.

#8
Forum Member
Join Date: Apr 2005
Location: Scotland
Posts: 4,967
I have an issue with this story: are we sure that this is on iOS6? I just checked a fresh iPhone & iPad running iOS6.1 and the PH password is not a legible word and also includes numbers... Totally the opposite from what this is saying!
I smell a rat.

#9
Forum Member
Join Date: Aug 2009
Posts: 27,438
Quote:
You can choose your own password for iOS hotspots too.

#10
Forum Member
Join Date: Apr 2005
Posts: 13,091
Quote:
The article seems rather dubious and exaggerated then, if that is indeed the case.
I've always thought it a bit strange that it shows the password in full within the hotspot menu on the phone though.

#11
Forum Member
Join Date: May 2006
Posts: 25,199
Quote:
The article seems rather dubious and exaggerated then, if that is indeed the case.

#12
Inactive Member
Join Date: Jan 2003
Posts: 43,524
There is a balance here.
If they auto-generate a password that looks like *&v4G%9:mF±~€gR2 then people will just change it to something simple and easier to type like 11111111. A dictionary word followed by a number is not the worst idea. A larger dictionary and an extra digit, reverse the order, extra word.

#13
Forum Member
Join Date: Apr 2005
Posts: 13,091
Quote:
There is a balance here.
If they auto-generate a password that looks like *&v4G%9:mF±~€gR2 then people will just change it to something simple and easier to type like 11111111. A dictionary word followed by a number is not the worst idea. A larger dictionary and an extra digit, reverse the order, extra word.

#14
Forum Member
Join Date: May 2006
Posts: 25,199
I take some known text, usually lyrics, take some letters from it and mix it up with special characters and numbers. Easy to remember and very difficult to crack. Using a dictionary only is a big no. Here, if this is true, it is easy to find out an algorithm how a password is generated, a small dictionary plus something. Still difficult to do anything manually, but very easy for a computer.

#15
Inactive Member
Join Date: Jan 2003
Posts: 43,524
The most secure passwords, it seems, are actually of the form MonkeyTrousersPurpleGhostly; if you check the numbers, there are more combinations than v4G%9:mF, and they are easier to remember.

#16
Forum Member
Join Date: Jan 2013
Location: West Midlands
Posts: 2,450
Quote:
Yeah, I've always had my own password. I wasn't even aware before this thread that the system generated passwords.
I've always thought it a bit strange that it shows the password in full within the hotspot menu on the phone though.

#17
Forum Member
Join Date: Nov 2010
Location: London
Posts: 15,938
Mine was something like peak9292 by default. I doubt anyone would guess that.
You can create your own though, so I fail to see the point of this article. Furthermore, the top third of the screen goes blue when a device is connected to the hotspot, so it's not like you'd be unaware should anyone ever guess the passwords.

#18
Inactive Member
Join Date: Jan 2003
Posts: 43,524
Quote:
Mine was something like peak9292 by default. I doubt anyone would guess that.
You can create your own though, so I fail to see the point of this article. Furthermore, the top third of the screen goes blue when a device is connected to the hotspot, so it's not like you'd be unaware should anyone ever guess the passwords.
That was the point. It was using only 1842 words and 4 digits, so there are only 18,420,000 passwords it needed to try, as opposed to a full set 8 digit password that has about 576,480,100,000,000 combinations and by the same technique would take 60 years. (Incidentally, if you add a digit to that, a 9 digit would take 420 years and 10 digit 30,000.) It's not about connecting an unauthorised device, it's about the possibility of intercepting and reading the data. The risk is not massive, not that much data is sent in the clear these days, but it is real. A semi-realistic scenario would be for a hacker with a high-end laptop to go somewhere busy, capture wifi data from everyone and store it whilst running the attack, discard it after the attack if it couldn't be broken and, if it could, automatically sift it for something useful. Or maybe use it in a more targeted attack.

#19
Forum Member
Join Date: May 2006
Posts: 25,199
Yes, that algorithm is way too simple. If they used 2-3 words, added the numbers somewhere randomly, mixed the upper/lower case it would be more fun. One should not dismiss it saying it's just a default. Not everybody changes it, they may think if OS proposes it it's good enough. It should not be a risk to use it. Focus is slowly moving from PCs to mobile devices and hackers will move as well. People put a lot of interesting information on their mobiles.
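
Added example (not part of any post in this thread): a keyspace comparison of the password schemes discussed in posts #12, #15, #18 and #19, plus a generator that draws every component uniformly from the OS CSPRNG. Assumptions: the 70-symbol alphabet is inferred from post #18's figure (70^8 = 576,480,100,000,000), the guess rate is the one implied by that post's "60 years", and the function names and sample word list are constructed for illustration.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# A scheme is a list of pool sizes, one per independently chosen component.
SCHEMES = {
    "1 word of 1,842 + 4 digits": [1842, 10**4],  # figures from post #18
    "8 random chars, 70 symbols": [70] * 8,       # 70**8 matches post #18's figure
    "4 words of 1,842": [1842] * 4,               # post #15's form, small list
    "4 words of 52,500": [52500] * 4,             # post #15's form, Scrabble-size list
}

def keyspace(pools):
    """Number of distinct passwords if every component is chosen uniformly."""
    return math.prod(pools)

def entropy_bits(pools):
    return math.log2(keyspace(pools))

# Assumption: guess rate implied by post #18's "60 years" for the 70**8 keyspace.
IMPLIED_RATE = keyspace([70] * 8) / (60 * SECONDS_PER_YEAR)

def seconds_to_exhaust(pools, rate=IMPLIED_RATE):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(pools) / rate

def ranked(schemes):
    """Scheme names ordered from smallest to largest keyspace."""
    return sorted(schemes, key=lambda name: keyspace(schemes[name]))

def generate(wordlist, n_words, n_digits):
    """Return (passphrase, pools); each choice is uniform and CSPRNG-backed."""
    words = [secrets.choice(wordlist).capitalize() for _ in range(n_words)]
    digits = "".join(secrets.choice("0123456789") for _ in range(n_digits))
    return "".join(words) + digits, [len(wordlist)] * n_words + [10] * n_digits

if __name__ == "__main__":
    for name in ranked(SCHEMES):
        pools = SCHEMES[name]
        print(f"{name:28} {keyspace(pools):>26,} {entropy_bits(pools):5.1f} bits "
              f"{seconds_to_exhaust(pools) / SECONDS_PER_YEAR:16.6f} years")
    demo_words = ["monkey", "trousers", "purple", "ghostly"]  # constructed sample
    print(generate(demo_words, 3, 2))
```

The ranking shows that the four-word form only beats eight random characters when the word list is large: four words drawn from 1,842 give a smaller keyspace than 70^8, while four drawn from 52,500 give a larger one.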

#20
Forum Member
Join Date: Sep 2003
Location: Bristol (BBC1 West)
Posts: 15,143
This would be less of a problem if you could change the SSID (name) of the Hotspot.
It will always match the name of the iPhone or iPad (which in most cases is going to be like "David's iPhone"). If you could change it, it'd be harder to know that the Hotspot was an iOS device and the chances of guessing the password would be substantially reduced (not to mention bringing many usability benefits).


