Plenty of us use the WiFi hotspot capabilities of our smartphones on a daily basis, helping us get online with laptops, gaming systems, or other devices without their own cellular radios. Like setting up any WiFi network, part of using hotspots involves setting up a password, keeping your little impromptu network secure. Unfortunately, it seems that the default password generation behavior in iOS has some serious flaws, and as currently implemented in iOS 6 (presumably, this is still an issue with the 7 beta), creates passwords that can be cracked in about 50 seconds.
Normally, iOS suggests a hotspot password consisting of a word followed by a four digit number. On its own, that’s not a particularly robust way to choose passwords, but at least it would take a while for an attacker to try guessing every possible combination.
The problem is how Apple chooses those words. Security researches looking into the scheme have discovered that Apple’s only pulling from a base dictionary of 1,842 words. Even with those, the distribution is all messed up, and some are far more likely to be selected for a password than others (see chart below).
As a result, all an attacker needs to run is those 1,842 words, along with the 10,000 variations you get from the four-digit number appended, and he’s going to find your password. That still may sound like a lot of cracking to do, but with modern hardware, those 18.5 million combinations only take 50 seconds or so. And that’s with only four GPUs doing the number crunching – scale the hardware up, and even less time will be needed. Just moving to a better GPU knocked it down to 24 seconds.
Beyond someone using this to steal bandwidth from your phone, it’s also possible it could be used to stage a man-in-the-middle attack against data being sent between your phone and laptop.
How do you avoid being a victim? Easy. Just don’t use Apple’s default password suggestion, and choose a stronger one of your own.