Default iOS Personal Hotspot Passwords Can Be Cracked In 50 Seconds
Having an iPhone in your pocket is not only a one-way ticket to endless possibilities in gaming, browsing and productivity, but the native internet tethering feature ensures you have a personal hotspot right there whenever you need it. Provided, of course, you have decent cellular coverage, you can fire up your notebook, tablet, or any other Wi-Fi capable device, and connect straight to the World Wide Web. But while Apple tries to offer a helping hand by automatically generating a password for you, it has emerged that the random assortment of characters that the Cupertino company fires up for you may not be as secure as you’d hoped.
Of course, most folks will look to utilize their own network keys for the sake of remembrance, but even so, if Apple makes one up for you on the spot, your confidence in the company would make you feel relatively safe in using it.
According to a new study, the authentication codes generated by iOS use a specific formula, one that any decent hacker could guess in a matter of seconds. Obviously, this makes for rather disconcerting reading, and although the chances of your hotspot being hacked by a knowledgeable individual and exploited for unscrupulous ends remains rather remote, it should be enough to prompt the security conscious into coming up with something alternative.
If you’ve always presumed that iOS’s automatically generated passwords were secure and random, you’ve no reason to feel foolish. Apple makes a point of ensuring the security of its users is a big priority, but on this occasion, the hotspot code is little more than a short word from the dictionary, followed by some random numbers.
On its own, that does sound secure, but rather than picking a word from the dictionary, Apple has narrowed it down to 1,842 words, which makes things just that bit easier for some who is a good guesser.
Those involved in the study had 100% password-cracking success rate, so if you do happen to roll with an Apple-made password, you should probably change it to something you’ve made up yourself.
With that said, you should probably avoid anything simple, i.e. something involving your date of birth, name, abc, or 123. It’s best to keep a password which is a combination of different symbols and letters. I know, it’s hard to remember, but still, better be safe than sorry.