VIDEO: How to steal passwords from a locked iPhone

Graham Cluley

German researchers say that they have found a way to steal passwords stored on a locked Apple iPhone in just six minutes.

And they can do it without cracking the iPhone’s passcode.

Researchers from the Fraunhofer Institute Secure Information Technology (Fraunhofer SIT) say that the attack targets Apple’s password management system – known as the keychain.

Here’s a YouTube video where the German researchers demonstrate their attack in action:

http://www.youtube.com/watch?v=uVGiNAs-QbY

The only hint of a consolation is that the attack cannot be done remotely – the attackers need physical access to your iPhone to steal information.

But if the attacker only needs to have his hands on your iPhone for six minutes, how much of a comfort is this really? Don’t forget, it’s not unusual for people to lose their mobile phones or leave them unattended on their desk while they pop off to the coffee machine.

[Image: Attack on iPhone revealing passwords]

According to material published by Fraunhofer Institute SIT, sensitive password information can be extracted from a user’s iPhone without needing to know the passcode.

[Image: Passwords accessible through iPhone attack]

The researchers claim that all iPhone and iPad devices containing the latest firmware are vulnerable. At a time when Apple and its fans are pushing hard for more companies to bring iPhones into the enterprise, there will undoubtedly be concerns if these vulnerability claims are found to be true.

All eyes must now turn to Cupertino to see what Apple has to say about this.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
