Researchers Crack iOS-Generated Hotspot Passwords in 50 Seconds

by

personalhotspotWhen tethering an iPhone or an iPad, iOS users have the option of using an automatically generated password for their personal hotspots, which Apple implemented to provide all users with a secure password option.

According to researchers at Germany's University of Erlangen (via ZDNeT), the way that the keys are generated – with a combination of a short English word along with random numbers – is predictable to the point where the researchers are able to crack the hotspot password in less than a minute.

In their paper, the three researchers detail the process that they used to figure out the weak spots in the hotspot's protection. Apple's word list uses approximately 52,500 entries, so initially, cracking the hotspot took almost 50 minutes. After finding a WiFi connection, the researchers used an AMD Radeon HD 6990 GPU to run through word and number combinations.

"This list consists of around 52,500 entries, and was originated from an open-source Scrabble crossword game. Using this unofficial Scrabble word list within offline dictionary attacks, we already had a 100 percent success rate of cracking any arbitrary iOS hotspot default password," the researchers wrote.

The team discovered that only a small set of Apple's larger word list was being used, so with GPU cluster of four AMD Radeon HD 7970s, they narrowed their iOS-generated hotspot password cracking time down to just 50 seconds. In the paper, the team goes on to criticize Apple's password generation standards, suggesting that system generated passwords be composed of random letters and numbers.

"In the context of mobile hotspots, there is no need to create easily memorizable passwords. After a device has been paired once by typing out the displayed hotspot password, the entered credentials are usually cached within the associating device, and are reused within subsequent connections," the paper states.

"System-generated passwords should be reasonably long, and should use a reasonably large character set. Consequently, hotspot passwords should be composed of completely random sequences of letters, numbers, and special characters."

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.

To avoid a weak iPhone hotspot password, users can still choose to use passwords of their own creation, which should contain a sequence of random numbers and letters for enhanced security.

Popular Stories

iOS 18

Apple Expected to Release iOS 18.3 Next Week With These New Features

Thursday January 23, 2025 6:41 am PST by
iOS 18.3 should be released to the public next week, following beta testing since mid-December. While the software update is a relatively minor one, it still includes a handful of new features, changes, and bug fixes for iPhones. Below, we recap everything new in iOS 18.3. Notification Summary Changes Examples of inaccurate Apple Intelligence notification summaries Apple Intelligence...
Read Full Article29 comments
Apple Pay Walmart Feature

Walmart Stands Firm on Why It Doesn't Accept Apple Pay in the U.S.

Thursday January 23, 2025 7:32 am PST by
Walmart still does not accept Apple Pay or other NFC payments at its more than 4,600 stores across the U.S., and it stood firm on its reasoning for that today. A spokesperson for Walmart today informed MacRumors that its position on contactless payments has not changed since we last reached out about the matter in 2022. The big-box retailer said it remains focused on its own convenient...
Read Full Article359 comments
iOS 18

5 New Things Your iPhone Can Do in iOS 18.3

Friday January 24, 2025 1:55 am PST by
Apple is set to release iOS 18.3 next week, bringing further refinements to Apple Intelligence features, a couple of neat new capabilities to iPhone 15 Pro and iPhone 16 devices, and bug fixes. While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.3 still introduces capabilities that aim to make your iPhone smarter and more intuitive. Below, we've...
Read Full Article26 comments
apple tv 4k new orange

New Apple TV Launching This Year With These New Features

Wednesday January 22, 2025 6:01 pm PST by
A new Apple TV is expected to be released later this year. In this article, we recap rumored features and changes for the device. The next Apple TV will be equipped with Apple's own combined Wi-Fi and Bluetooth chip, according to Bloomberg's Mark Gurman. He said the chip supports Wi-Fi 6E, which would be an upgrade over the current Apple TV's standard Wi-Fi 6 support. Wi-Fi 6E extends the...
Read Full Article
iOS 18

Here Are Apple's Full Release Notes for iOS 18.3

Tuesday January 21, 2025 4:31 pm PST by
Apple provided developers and public beta testers with the release candidate version of iOS 18.3 today, and with it comes release notes confirming what's new. While we knew about several of the features that are in the update, there are some lesser known tweaks and bug fixes. The update adds new Visual Intelligence features for iPhone 16 models, it tweaks Notification summaries on all...
Read Full Article52 comments
Generic iOS 18

iOS 18.4 Beta Coming Soon With These New Features for Your iPhone

Friday January 24, 2025 8:16 am PST by
iOS 18.3 is expected to be widely released next week, and that means the first iOS 18.4 beta for iPhones should be just around the corner. Apple has previously implied that iOS 18.4 will be released in April, as that is when it promised to make Apple Intelligence available in even more languages. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri ...
Read Full Article34 comments
truecaller

Truecaller iOS Update Rolls Out Real-Time Caller ID Support

Wednesday January 22, 2025 2:07 am PST by
Popular caller ID app Truecaller is rolling out an update that brings real-time caller ID support to its iOS subscribers. Apple introduced Live Caller ID Lookup in iOS 18, allowing third-party caller ID apps to securely retrieve information about a caller from their servers, hence today's Truecaller update. iPhone users can enable the Live Caller ID Lookup feature by going to Settings ➝ ...
Read Full Article64 comments
iPhone SE 4 Single Camera Thumb 3

iOS 18.3 Leak Provides Clue About iPhone SE 4, iPad 11, and iPad Air 7 Launch Timing

Wednesday January 22, 2025 9:39 am PST by
New information has surfaced that indicates the rumored iPhone SE 4, iPad 11, and new iPad Air models are nearing launch. A private account on social media platform X today revealed that iOS 18.3 or iPadOS 18.3 will be preinstalled on all of those upcoming devices when they are released. It is still unclear exactly when the devices will launch, but this information suggests that Apple will...
Read Full Article8 comments
Generic iOS 19 Feature Mock Light

iOS 19 Leak Reveals All-New Design

Friday January 17, 2025 2:42 pm PST by
iOS 19 is still around six months away from being announced, but a new leak has allegedly revealed a completely redesigned Camera app. Based on footage it obtained, YouTube channel Front Page Tech shared a video showing what the new Camera app will apparently look like, with the key change being translucent menus for camera controls. Overall, the design of these menus looks similar to...
Read Full Article

Top Rated Comments

cutmoney Avatar
cutmoney
152 months ago
Wow, I guess next time I setup a personal hotspot to check my email on my laptop, I'd better watch out for someone nearby with a "GPU cluster of four AMD Radeon HD 7970s". I mean seriously, who sets up a wireless hotspot on their iPhone using the password generator and then transmits some sensitive data which is at risk of (and in range of) some hacker that would have the ability (or desire) to crack their wireless hotspot security? It's hard enough to even get people to turn on any security much less worry about whether it could potentially be hacked. These "researchers" need to spend their time on something more useful.
Score: 13 Votes (Like | Disagree)
Walter White Avatar
Walter White
152 months ago
I always use my birthdate as password.
Score: 12 Votes (Like | Disagree)
kkat69 Avatar
kkat69
152 months ago
Mines easy, no need for massive data crunching... 1-2-3-4-5. I use the same on my luggage.
Score: 10 Votes (Like | Disagree)
MaxxTraxx Avatar
MaxxTraxx
152 months ago
I can imagine folks just roaming airports with these AMD systems looking for iPhone passwords.
Score: 10 Votes (Like | Disagree)
ziggyonice Avatar
ziggyonice
152 months ago
This does not appear to be an issue in iOS 7.

The passwords generated in the beta are not based on dictionary words and are considerably more randomized.
Score: 9 Votes (Like | Disagree)
Menel Avatar
Menel
152 months ago
" so with GPU cluster of four AMD Radeon HD 7970s"

Using my iPad out in a park away from building WIFI. I think that, with a gas generator out in a park might be obvious and suspicious...

Also, use Bluetooth. The connection is persistent. iPad reconnects without fiddling with Phone because the phone doesn't idle it's bluetooth like it does WIFI. Also more secure as you will have to manually approve the connection. Problem solved, and everything fixed.
Score: 9 Votes (Like | Disagree)
Read All Comments