iOS HotSpot Cracker Can Crack Personal Hotspots Passwords In Tens Of Seconds

On June 19, 2013

Personal Hotspot is an implemented system by Apple about 2 years ago, and it allows us to transform our devices into real Wi-Fi hotspots to share a mobile internet data connection with other devices. Although Apple praise its operating system security, it looks like the Personal HotSpot does not receive the same words from Nuremberg University researchers which discovered that passwords set for this system can be found through brute force attacks. Specifically, a script can check millions of passwords for Personal HotSpot before discovering the right one, the system designed by Apple is not having a locking mechanism after many attempts of entering some wrong combinations.

Moreover, the iOS dictionary contains only 1842 words from which the password is chosen, some of the words included in passwords are chosen more often than others, 18.5 million possible combinations can be tried by hackers. Based on these vulnerabilities, the researchers argue that a password can be cracked in no less than 50 seconds (minimum) using an application developed by them and called iOS HotSpot Cracker. The time period can vary depending on the chosen password and the terminal used for exploitation.

Theoretically, with any security method used to protect the hotspot, the application can crack the password only relying on recently used words combinations and words available in the dictionary of iOS, but the procedure can take between 25 seconds (using 4 graphics cards AMD Radeon HD 7970) and a few days using only an idevice. No matter how we see the situation, Personal HotSpot system is not extremely important, but it should still be protected.