Tuesday, February 15, 2011

iPhone passwords hacked in six minutes

There is no such thing as perfect security, but it can be better than the current state of affairs. Researchers at the Fraunhofer Institute in Germany have demonstrated an easy and repeatable way to get at the account details, including passwords, stored on an iPhone.

The attacker has to have actual physical possession of the phone being hacked, but this makes lost or stolen phones completely insecure - which is bad news for the corporate use of the iPhone. Given that the procedure only takes six minutes, it is even possible that the phone could be removed, compromised and returned without the user being aware that all their account information has been downloaded.

The attack is directed against the keychain, the account/password manager which stores user details, including passwords and certificates, used to access third-party systems such as corporate networks and email accounts.

The keychain is regarded as secure because, on a locked phone, the user's passcode is required to access it. Unfortunately, there are ways to access the keychain without knowing the passcode, and the real surprise is that once you get into the keychain it contains a great deal of information in unencrypted form. In other words, it relies on the phone's main access security for its protection.

Read more: I Programmer