At least that’s what an experiment conducted by the famous German institute Fraunhofer (they’re the ones responsible for creating the mp3 compression, among many other things) has uncovered. What they’ve managed to prove is concerning, though not exactly shocking considering the earlier bug discovered just a few months back.
Basically, if a would-be hacker can gain possession of your iPhone, within a few minutes (6 minutes according to Fraunhofer) they might be able to decrypt the passwords stored in the iOS Keychain, even if the device is protected with a PIN you’ve configured or your IT guy forced on the phone via ActiveSync. Once the phone is hacked, the exposed passwords include those for your Gmail account, Wi-Fi networks, LDAP and corporate accounts including VPN, Microsoft Exchange, etc. So getting into the phone is obviously just the first step, since most of the juicy stuff is probably in your mailbox and across your company VPN.
Now granted… The chances of someone finding your phone who is actually nerdy enough to exploit a hack like this are pretty remote. Most thieves or jealous girlfriends/boyfriends will check if the iPhone has a Passcode or not and give up there. So this shouldn’t be a problem for all you groovyReaders, right? For the rest of you… Yeah, you better read my How-To for setting a Passcode on the iPhone.
Now, if your phone is taken or borrowed by that other .1%… Well, it really doesn’t matter how long or complex your password is today. Hopefully Apple will close up this gap shortly.
BTW – Here’s a groovyVideo from Fraunhofer showing how they break into the iPhone. Enjoy!