Apple’s iPhone Wi-Fi Hotspot Security Not So Hot


The iPhone’s Wi-Fi hotspot security is vulnerable to hackers’ brute force attacks, according to researchers from the University of Erlangen-Nuremberg in Germany. The security vulnerability is due to the method that Apple (NASDAQ:AAPL) uses to randomly generate passwords for protecting the iPhone’s mobile hotspot, reports GigaOM.

In the report, the researchers noted: “Apple iOS generates weak default passwords which makes the mobile hotspot feature of Apple iOS susceptible to brute force attacks on the WPA2 handshake. More precisely, we observed that the generation of default passwords is based on a word list, of which only 1,842 entries are taken into consideration. In addition, the process of selecting words from that word list is not random at all, resulting in a skewed frequency distribution and the possibility to compromise a hotspot connection in less than 50 seconds.”

Is Apple now a once-in-a-decade buying opportunity? Click here to get your 24-page Ultimate Cheat Sheet to Apple’s Stock now!

In other words, Apple needs to increase the size of the word list that it uses to produce its passwords. It also may need to adjust the process that it uses to “randomly generate” passwords from the list since the researchers discovered that particular words were selected more often than others.

It should be noted that the researchers conducted their study on Apple’s iOS 6, so it is quite likely that Apple will patch this security loophole for the new iOS 7. Although this vulnerability does not automatically give an attacker access to your iPhone, it does allow a savvy hacker to stage attacks on any devices connected to the network.

However, this security vulnerability is not only found on Apple’s devices. The researchers also reported, “Spot tests show that other mobile platforms are also affected by similar problems.”

For example, the researchers pointed out that Microsoft’s (NASDAQ:MSFT) Windows Phone 8 uses default passwords that consist of only 8-digit numbers. The researchers also noted that many vendors of Android-based devices weakened Android’s strong default password generators by using less effective algorithms in their modified versions of Google’s (NASDAQ:GOOG) mobile operating system.

NEW! Discover a new stock idea each week for less than the cost of 1 trade. CLICK HERE for your Weekly Stock Cheat Sheets NOW!

Here’s how Apple stock is trading today.


Follow Nathanael on Twitter (@ArnoldEtan_WSCS)

Don’t Miss: Apple’s iPad Gets Educational in Los Angeles.