Researchers Crack iOS-Generated Hotspot Passwords in 50 Seconds

by

personalhotspotWhen tethering an iPhone or an iPad, iOS users have the option of using an automatically generated password for their personal hotspots, which Apple implemented to provide all users with a secure password option.

According to researchers at Germany's University of Erlangen (via ZDNeT), the way that the keys are generated – with a combination of a short English word along with random numbers – is predictable to the point where the researchers are able to crack the hotspot password in less than a minute.

In their paper, the three researchers detail the process that they used to figure out the weak spots in the hotspot's protection. Apple's word list uses approximately 52,500 entries, so initially, cracking the hotspot took almost 50 minutes. After finding a WiFi connection, the researchers used an AMD Radeon HD 6990 GPU to run through word and number combinations.

"This list consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password," the researchers wrote.

The team discovered that only a small set of Apple's larger word list was being used, so with GPU cluster of four AMD Radeon HD 7970s, they narrowed their iOS-generated hotspot password cracking time down to just 50 seconds. In the paper, the team goes on to criticize Apple's password generation standards, suggesting that system generated passwords be composed of random letters and numbers.

"In the context of mobile hotspots, there is no need to create easily memorizable passwords. After a device has been paired once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections," the paper states.

"System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters."

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.

To avoid a weak iPhone hotspot password, users can still choose to use passwords of their own creation, which should contain a sequence of random numbers and letters for enhanced security.

Popular Stories

iPhone Air

Report: 'Virtually No Demand' for iPhone Air

Wednesday October 22, 2025 3:22 am PDT by
Apple is "drastically" cutting production of the iPhone Air and shifting focus toward the iPhone 17 and iPhone 17 Pro models, Nikkei Asia reports. The business publication claims to have learned of a major cut to iPhone Air production motivated by weaker-than-expected consumer interest, nearly to "end of production levels." Despite early reports of the iPhone Air selling out within hours of...
Read Full Article523 comments
sam sung auction

Former Apple Employee Sam Sung Changed His Name to Avoid Attention

Wednesday October 22, 2025 4:44 pm PDT by
Back in 2012, an Apple retail employee named Sam Sung went viral because his name is similar to Samsung, one of Apple's main competitors. In a recent interview with Business Insider, he detailed that period in his life, how Apple responded, and he explained why he ultimately changed his name. Someone posted an image of Sung's Apple business card on Reddit in 2012, and it spread rapidly....
Read Full Article96 comments
cadillac lyric infotainment

GM to Remove CarPlay from All Future Vehicles, Including Gas Cars

Wednesday October 22, 2025 11:34 am PDT by
General Motors began phasing out support for CarPlay in its electric vehicles back in 2023, leading to complaints from iPhone users, but the company has no plans to back down. In fact, GM is going further and plans to remove CarPlay from all future gas vehicles, too. In an interview with The Verge, GM CEO Mary Barra said that the company opted to prioritize its platform for EVs, but the...
Read Full Article438 comments
All Screen iPhone 2027 Feature 1

Apple's Plan to Launch Three New iPhone Designs Allegedly Revealed

Wednesday October 22, 2025 6:24 am PDT by
Apple plans to launch a new type of iPhone every year for the foreseeable future, according to an Asia-based source. The detailed information was shared by the account "yeux1122" in a blog post on the Korean platform Naver, citing domestic trend and component research companies. Corroborating other reports, Apple will apparently launch its first foldable iPhone in 2026, featuring a...
Read Full Article132 comments
iOS 26

iOS 26.1 Coming Soon With These 8 New Features for Your iPhone

Wednesday October 22, 2025 6:15 am PDT by
The upcoming iOS 26.1 update includes a handful of new features and changes for iPhones, including a toggle for changing the appearance of the Liquid Glass design, "slide to stop" for alarms in the Clock app, and more. iOS 26.1 is currently in beta testing. The update will likely be released in the first half of November, and it is compatible with the iPhone 11 series and newer, but some...
Read Full Article31 comments
ios 26 1 liquid glass opaque

iOS 26.1 Beta 4 Lets Users Control Liquid Glass Transparency with New Toggle

Monday October 20, 2025 10:57 am PDT by
With the fourth betas of iOS 26.1, iPadOS 26.1, and macOS 26.1, Apple has introduced a new setting that's designed to allow users to customize the look of Liquid Glass. The toggle lets users select from a clear look for Liquid Glass, or a tinted look. Clear is the current Liquid Glass design, which is more transparent and shows the background underneath buttons, bars, and menus, while tinted ...
Read Full Article212 comments
maxresdefault

Apple's iPhone Air Experiment Fails as Supply Chain Cuts Production by 80%

Wednesday October 22, 2025 10:48 am PDT by
iPhone Air demand failed to meet Apple's expectations and the company's supply chain is scaling back shipments and production, reports Apple analyst Ming-Chi Kuo. Subscribe to the MacRumors YouTube channel for more videos. Suppliers are expected to reduce capacity by more than 80 percent between now and the first quarter of 2026, and some components with longer lead times will be discontinued ...
Read Full Article635 comments
All Screen iPhone 2027 Feature 1

Report: Apple to Skip 'iPhone 19' Name for 'iPhone 20'

Thursday October 23, 2025 4:28 am PDT by
Apple's new iPhone lineup launched in the fall of 2027 will be called the "iPhone 20" models, rather than the "iPhone 19," according to research firm Omdia. Speaking at a conference in Seoul (via ETNews), Omdia Chief Researcher Heo Moo-yeol corroborated rumors that Apple plans to move the launch of its standard iPhone to the first half of the year and provided some additional clarity about...
Read Full Article144 comments
iOS 26

What's New in iOS 26.1 Beta 4

Monday October 20, 2025 1:02 pm PDT by
Even though we're at the fourth beta of iOS 26.1, Apple is continuing to add new features. In fact, the fourth beta has some of the biggest changes that we'll get when iOS 26.1 releases to the public later this month. We've rounded up what's new below. Liquid Glass Transparency Toggle Apple added a toggle for customizing the look of Liquid Glass. In Settings > Display and Brightness,...
Read Full Article35 comments

Top Rated Comments

cutmoney Avatar
cutmoney
161 months ago
Wow, I guess next time I setup a personal hotspot to check my email on my laptop, I'd better watch out for someone nearby with a "GPU cluster of four AMD Radeon HD 7970s". I mean seriously, who sets up a wireless hotspot on their iPhone using the password generator and then transmits some sensitive data which is at risk of (and in range of) some hacker that would have the ability (or desire) to crack their wireless hotspot security? It's hard enough to even get people to turn on any security much less worry about whether it could potentially be hacked. These "researchers" need to spend their time on something more useful.
Score: 13 Votes (Like | Disagree)
Walter White Avatar
Walter White
161 months ago
I always use my birthdate as password.
Score: 12 Votes (Like | Disagree)
kkat69 Avatar
kkat69
161 months ago
Mines easy, no need for massive data crunching... 1-2-3-4-5. I use the same on my luggage.
Score: 10 Votes (Like | Disagree)
MaxxTraxx Avatar
MaxxTraxx
161 months ago
I can imagine folks just roaming airports with these AMD systems looking for iPhone passwords.
Score: 10 Votes (Like | Disagree)
ziggyonice Avatar
ziggyonice
161 months ago
This does not appear to be an issue in iOS 7.

The passwords generated in the beta are not based on dictionary words and are considerably more randomized.
Score: 9 Votes (Like | Disagree)
Menel Avatar
Menel
161 months ago
" so with GPU cluster of four AMD Radeon HD 7970s"

Using my iPad out in a park away from building WIFI. I think that, with a gas generator out in a park might be obvious and suspicious...

Also, use Bluetooth. The connection is persistent. iPad reconnects without fiddling with Phone because the phone doesn't idle it's bluetooth like it does WIFI. Also more secure as you will have to manually approve the connection. Problem solved, and everything fixed.
Score: 9 Votes (Like | Disagree)
Read All Comments