While Apple Inc. (NASDAQ:AAPL)’s lock-screen protection remains intact, once users begin using their phone to tether another device to its connection, they shouldn’t be surprised if they find others using that connection. That’s probably not entirely accurate: if you are tethering your laptop to your phone in a public place, there is little chance that someone will “hack” your hotspot. But according to an announcement from security researchers, it’s certainly within the realm of possibility.
PSK Authentication Method Used by Apple
“We investigate this trade-off by analyzing the PSK authentication method used by Apple Inc. (NASDAQ:AAPL) iOS to set up a secure WPA2 connection when using an iPhone as a Wi-Fi mobile hotspot. We show that Apple iOS generates weak default passwords which makes the mobile hotspot feature of Apple iOS susceptible to brute force attacks on the WPA2 handshake. More precisely, we observed that the generation of default passwords is based on a word list, of which only 1.842 entries are taken into consideration. In addition, the process of selecting words from that word list is not random at all, resulting in a skewed frequency distribution and the possibility to compromise a hotspot connection in less than 50 seconds.”
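To show why a small word list combined with non-random selection is so weak, the following added example (not code from the researchers or from Apple) measures the strength of picking one word from 1,842 entries, first uniformly and then with a skew. The skewed distribution is a constructed Zipf-style stand-in, since the article does not give the real frequencies, and all function names are hypothetical.

```python
import math

WORDLIST_SIZE = 1842  # word-list entries the researchers say are actually used

def zipf_weights(n, s):
    """Constructed skew: rank r is picked with probability ~ 1/r**s (s=0 is uniform)."""
    raw = [1.0 / (r ** s) for r in range(1, n + 1)]
    total = sum(raw)
    return [w / total for w in raw]

def shannon_entropy_bits(probs):
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Bits of protection against a single guess at the most likely value."""
    return -math.log2(max(probs))

def expected_guesses(probs):
    """Mean number of tries when candidates are tested most-likely-first."""
    ordered = sorted(probs, reverse=True)
    return sum(i * p for i, p in enumerate(ordered, start=1))

def uniform_random_bits(alphabet_size, length):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def report():
    rows = {}
    for label, s in (("uniform pick", 0.0), ("skewed pick (constructed)", 1.0)):
        probs = zipf_weights(WORDLIST_SIZE, s)
        rows[label] = (shannon_entropy_bits(probs), min_entropy_bits(probs),
                       expected_guesses(probs))
    return rows

if __name__ == "__main__":
    for label, (h, hmin, g) in report().items():
        print(f"{label:28s} H={h:5.2f} bits  Hmin={hmin:5.2f} bits  mean guesses={g:7.1f}")
    print(f"12 random chars from [A-Za-z0-9]: {uniform_random_bits(62, 12):.2f} bits")
```

Even a perfectly uniform pick from the list gives under 11 bits for the word, and any skew lowers the average work further, which is why replacing the default with a long, randomly generated hotspot password is the practical fix.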