The password generated automatically when using tethering of iOS 6 can break through in 24 seconds

The tethering function of sharing smartphone's net connection with Wi-Fi or USB connection is quite useful, but if you are using "iOS 6" on iPhone or iPad, the password automatically generated when using tethering is only 24 seconds It was discovered by the German team of researchers that it could break through with.

Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots - hotspot.pdf
https://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf

New attack cracks iPhone autogenerated hotspot passwords in seconds | Ars Technica
http://arstechnica.com/security/2013/06/new-attack-cracks-iphone-autogenerated-hotspot-passwords-in-seconds/

Germany'sFriedrich-Alexander UniversityThe research team of the Department of Computer Science studies iOS 6reverse engineeringAs a result, we found that the password automatically generated when using tethering is a 4 to 6 digit word plus a 4 digit number. In addition, all words contained in the automatically generated password are open source word games that are available onlineScrabbleIt was included in the word list of.

Researchers will install 4 GB of high speed GDDR 5 memory with dual core GPU with all combinations of words contained in scrabble word list and 4 digit numbers added to the word when generating passwordAMD Radeon HD 6990When I tried to calculate it, it took only 49 minutes to verify all the combinations, I knew how many combinations of passwords were in less than an hour.

ByMarsmettnn tallahassee

After further research, it turned out that iOS 6 uses the program "automatically pulled out from iOS 6 English dictionary" 4 to 6 digit words automatically generated by the tethering function. As a result, we found that the total number of words required to predict words used in automatic password generation is about 18.5 million.

Furthermore, it is also found that a certain word is more likely to be selected when automatically generating a password than other words, for example, "Sueve"Subbed"Headed"Was easy to be chosen as the default password by 10 times more than the others, including 10 words. The table below is the top 10 word that is easy to use for automatic password generation, "RF"Indicates the frequency of use.


With the results of the research, researchers succeeded in dramatically reducing the time required for password analysis. Using the results of the previous study, fourAMD Radeon HD 7970When we analyzed the password with multi GPU using, we could guess 390,000 passwords per second and it took only 24 seconds to derive the correct password.

Also, it is a wireless LAN encryption methodWPAIshashGeneration is slowPBKDF 2Since we are using the function, researchers point out that cracking has tremendous trials and time, but it is meaningless if the password choice is poor.

ByDarren Shaw

If iOS 6 automatically generates passwords including uppercase letters, lowercase letters, numerals etc of the alphabet, cracking should have taken a huge amount of time. In other words, when connecting to the Internet using iSeries tethering, chances are that cracking will occur if you change the password that is issued automatically differently.