Hack reveals passwords from locked iPhones and iPads

The way (k)ubuntu handles it is ridiculous

My wlan password is not a highly secure secret - it's just something I don't want to actively go round telling to random strangers in passing. I therefore really don't want to put it in the keychain and be forced to type in a root password during boot. The only easy way to avoid typing in the password during boot is to set the keychain password to blank, which then exposes my other passwords to an active hacker. For convenience (and given how little I use the keychain) this is worth it, but it's hardly good security.

Yes they need to be ...

because they are being presented automatically to other systems which require plaintext username/passwords (hopefully over SSL - for those services which allow it). This is no different to browsers remembering user credentials for websites and performing auto-fill of logon forms.

The difficulty is that the master password to unlock the keychain is not being set by the end-user (its probably generated randomly at firmware install time [and hidden somewhere in eerom] or locked to a hardware id) but instead is accessed automatically through API calls ... If Apple enforce the same keychain unlocking functionality found in OSX and the problem goes away (well it gets harder to break and requires brute forcing .. which should cause autowiping of the data after 10 attempts).

I have worked on the design of a similar system in the past

There is bugger all you can do. You can be extremely inventive on what you chose for the passphrase which unlocks a device certificate or the encrypted password storage (a good design should just reuse the cert for the pass-store anyway). However, the passwords themselves kept in the passwords storage need to be clear text. There are very few protocols out there which support an authentication mechanism where the client does not need to keep a cleartext password.

Similarly, there is very little to be done against such an attack. A similar attack can be devised for other phone OS-es. Nokia, Android, etc all keep passwords somewhere and an application which has managed to achieve system privs will have no problem reading them out of the password store.

you just set autolock

problem sorted.

No, it's very easy to solve

It's not a hard problem at all. For example, Symbian OS solved this one about six years ago. It's just sheer laziness.

What's required is a sensible security model where the data isn't released to any tom, dick or harry process that asks in the right way. Only one process ever needs to read your WiFi or VPN credentials, and that should be the only process that can read it. For the most part, email or browser passwords are similar except in the case where you might want to share accounts between multiple clients, though I don't think I've ever seen such an arrangement.

The folly here is relying on a security model that was invented in the 70s for multi-user mainframes to secure single user devices almost half a century later.

thanks for being another one

Another moron who didn't bother to actually read or understand the source before commenting.

First off, this only exposes a small number of passwords, not all of them. Why not? well, MOST of the passwords on iOS 4 are already using 2 available encryption technologies preventing their access. These are the password systems 3rd party apps have access to (and are encouraged to use), Apple mail uses, Safari uses, and more. The number of core apps supporting this has been increasing with each further release of 4.x. It is simply a matter of completing the process on VPN, Exchange, and IMAP account access systems in order to close this gap.

Oh, and for the rest of you, you do realize the very same data is stored in a database on Android, accessible WITHOUT even jailbreaking the device, right? You know, since the base file system on Android is NOT EVEN ENCRYPTED as it is by default in iOS 4.

and physical access, if they have it, you loose, period. Matters not the device make or OS revision, they have ALL been hacked. This is a low priority threat requiring detailed knowledge and access to unreleased code, access physically to a device, and all it gets a hacker is access to your VPN passwords (which without additional authentication is useless), and/or access to an iMAP e-mail account (and if you're storing data inside your mail server that's critical, you already failed, your e-mail passwords are easy enough to get by a number of active bot networks).

Maybe it isn't just "Game Over"

Depending on WHOSE iPhone is stolen, it could be "Game's JUST Beginning", and that would be very bad for certain people.