Wednesday June 19, 2013

Usability vs Security: Wifi Hotspot Password Edition

Excellent paper by Andreas Kurtz, Felix Freiling, and Daniel Metz about how Apple’s usability focus affects the security of the iOS Wifi Hotspot feature:

We show that Apple iOS generates weak default passwords which makes the mobile hotspot feature of Apple iOS susceptible to brute force attacks on the WPA2 handshake. More precisely, we observed that the generation of default passwords is based on a word list, of which only 1,842 entries are taken into consideration.

They can crack 100% of the default generated passwords in seconds. There’s lots of technical detail about how they discovered the dictionary and reverse engineered the password generation mechanism. Read it and learn, but go change those hotspot passwords first.

(via Gizmodo)