German researchers say they have been able to reveal passwords stored in the iPhone’s Keychain while the device is still locked.
[ad#Google Adsense 300×250 in story]The researchers said that they need physical possession to hack into the iPhone, but that could be a danger if your phone is lost or stolen. While I’m sure that the average user wouldn’t be able to do the hack as easily as they did, it took them only six minutes to gain access to the passwords, according to IDG News.
“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” said the researchers in a statement. “Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.”
According to the report, the researchers jailbreak the phone, install and SSH server and then upload a script that outputs the content of the Keychain.