The iPhone’s Wi-Fi hotspot security is vulnerable to hackers’ brute force attacks, according to researchers from the University of Erlangen-Nuremberg in Germany. The security vulnerability is due to the method that Apple (NASDAQ:AAPL) uses to randomly generate passwords for protecting the iPhone’s mobile hotspot, reports GigaOM.
In the report, the researchers noted: “Apple iOS generates weak default passwords which makes the mobile hotspot feature of Apple iOS susceptible to brute force attacks on the WPA2 handshake. More precisely, we observed that the generation of default passwords is based on a word list, of which only 1,842 entries are taken into consideration. In addition, the process of selecting words from that word list is not random at all, resulting in a skewed frequency distribution and the possibility to compromise a hotspot connection in less than 50 seconds.”
In other words, Apple needs to increase the size of the word list that it uses to produce its passwords. It also may need to adjust the process that it uses to “randomly generate” passwords from the list since the researchers discovered that particular words were selected more often than others.
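The two weaknesses described above, a small word list and non-uniform selection, can be measured directly. The following is an added example, not code from the researchers or from Apple: it compares a uniform pick over 1,842 words with a constructed Zipf-like skew (the article does not give the real frequencies) and applies a chi-square check that a default-password generator can be audited with. The function names and the skew are assumptions made for illustration.

```python
import math
import random
import secrets
from collections import Counter

N = 1842  # word-list size quoted in the article; words are represented by their index

def metrics(probs):
    """Shannon bits, min-entropy bits, and mean guesses for a most-likely-first guesser."""
    ordered = sorted((p for p in probs if p > 0), reverse=True)
    shannon = -sum(p * math.log2(p) for p in ordered)
    min_entropy = -math.log2(ordered[0])
    mean_guesses = sum(rank * p for rank, p in enumerate(ordered, start=1))
    return shannon, min_entropy, mean_guesses

def chi_square_uniform(samples, n=N):
    """Pearson chi-square statistic of observed picks against a uniform choice of n words."""
    counts = Counter(samples)
    expected = len(samples) / n
    return sum((counts.get(i, 0) - expected) ** 2 / expected for i in range(n))

def looks_uniform(samples, n=N, sigmas=6.0):
    """Under uniform selection the statistic is about (n-1) +/- sqrt(2(n-1))."""
    df = n - 1
    return chi_square_uniform(samples, n) < df + sigmas * math.sqrt(2 * df)

# Constructed Zipf-like bias: the article reports skew but not the real frequencies.
_weights = [1.0 / (i + 1) for i in range(N)]
_total = sum(_weights)
SKEWED = [w / _total for w in _weights]
UNIFORM = [1.0 / N] * N

def sample_skewed(trials, seed=1):
    rng = random.Random(seed)  # seeded only to make the demo repeatable
    return rng.choices(range(N), weights=SKEWED, k=trials)

def sample_csprng(trials):
    return [secrets.randbelow(N) for _ in range(trials)]  # unbiased pick from a CSPRNG

if __name__ == "__main__":
    for name, dist in (("uniform", UNIFORM), ("skewed", SKEWED)):
        h, hmin, g = metrics(dist)
        print(f"{name:8s} shannon={h:5.2f} bits  min-entropy={hmin:5.2f} bits  mean guesses={g:6.1f}")
    print("skewed sampler passes uniformity check:", looks_uniform(sample_skewed(200_000)))
    print("CSPRNG sampler passes uniformity check:", looks_uniform(sample_csprng(200_000)))
```

Even a perfectly uniform pick from 1,842 words contributes under 11 bits, so fixing the skew alone does not help much; the list size has to grow as well.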
It should be noted that the researchers conducted their study on Apple’s iOS 6, so it is quite likely that Apple will patch this security loophole for the new iOS 7. Although this vulnerability does not automatically give an attacker access to your iPhone, it does allow a savvy hacker to stage attacks on any devices connected to the network.