Apple + Security & Privacy

We got wind of a new program today that claims to be able to extract passwords from an iPhone’s keychain. (This would also affect other iOS devices.) The company selling this software claims it is a forensic tool, designed for investigators, and, perhaps, network administrators. However, such a tool, which is not very expensive, would allow anyone who “finds” an iPhone to access passwords for e-mail accounts, web sites, and any other software. This means that if you were to lose your iPhone, any passwords you had entered for say a banking site, PayPal, or commercial sites that store your credit card information and allow you to make purchases without entering it again, would be accessible.

(Note: we’re not mentioning the name of the software or the company, as we feel that such information is detrimental to iPhone users.)

The company’s website gives no price for this program, but given the prices for its other software, the investment in such a program would be minimal for anyone who is interested in cracking iPhones.

For this reason, it is strongly recommended that iPhone users store as few passwords as possible on their device’s keychains. Some, such as an e-mail account password, are required, but it is best to not store passwords for banking sites, commercial sites, or any other sites that could allow a hacker who finds a lost or stolen iPhone to access confidential information. And it’s not just the information that’s at risk; it’s also the user’s identity that can be usurped by obtaining access to their accounts.