Tethered and vulnerable: Hotspot password FAIL not just in iPhones

Found on The Register on Monday, 01 July 2013

The recent discovery that Apple's iOS hotspot passwords are readily crackable in under 50 seconds is part of a wider problem involving other smartphone platforms, claim researchers.

"Anyone who knows your WPA key and is around when you connect to your network can decrypt your traffic in real time," Ducklin warns. "And anyone who is around when you connect and can sniff your traffic can attempt to crack the password and decrypt your traffic later. Choose your own passphrase, and make it a good one, when using iOS's Personal Hotspot," he concludes.

Maybe these weaknesses exist by design. Encryption itself is strong and can keep data secure, but not with a weak password. Since a new, but weak, encryption would never be used there need to be other ways to access the data. A decent looking, but still insecure password might be just what pleases intelligence services.

Browse all articles« Previous « » Next »