Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots
Authors
Abstract
Passwords have to be secure and usable at the same time, a trade-off that is long known. There are many approaches to avoid this trade-off, e.g., to advise users on generating strong passwords and to reject user passwords that are weak. The same usability/security trade-off arises in scenarios where passwords are generated by machines but exchanged by humans, as is the case in pre-shared key (PSK) authentication. We investigate this trade-off by analyzing the PSK authentication method used by Apple iOS to set up a secure WPA2 connection when using an iPhone as a Wi-Fi mobile hotspot. We show that Apple iOS generates weak default passwords, which makes the mobile hotspot feature of Apple iOS susceptible to brute force attacks on the WPA2 handshake. More precisely, we observed that the generation of default passwords is based on a word list, of which only 1.842 entries are taken into consideration. In addition, the process of selecting words from that word list is not random at all, resulting in a skewed frequency distribution and the possibility to compromise a hotspot connection in less than 50 seconds. Spot tests show that other mobile platforms are also affected by similar problems. We conclude that more care should be taken to create secure passwords even in PSK scenarios.
Similar resources
Book Review: iPhone and iOS Forensics: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices
Book Review: iPhone and iOS Forensic: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices
Through the Frosted Glass: Security Problems in a Translucent UI
Translucency is now a common design element in at least one popular mobile operating system. This raises security concerns as it can make it harder for users to correctly identify and interpret trusted interaction elements. In this paper, we demonstrate this security problem using the example of the Safari browser in the latest iOS version on Apple tablets and phones (iOS7), and discuss technic...
A Systematic Evaluation of Mobile Spreadsheet Apps
The power and flexibility of spreadsheets have made them an essential part of modern business. The increasingly mobile nature of business has created a need to access spreadsheets while on the move. Mobile devices such as the Apple iPhone and Blackberry have enabled users to do this but the small nature of these devices has caused a number of issues for mobile spreadsheet users. This paper pres...
The Trade-off Between Usability and Security in the Context of eGovernment: A Mapping Study
Most governments implement the latest information communication technology (ICT) to improve the online experience of their citizens and businesses. Governments put great effort into providing user-focused services that are usable, secure and accessible by portable and wireless devices (e.g. tablets, smart phones etc.). However, such devices bring with them specific problems of usability and sec...
Publication date: 2013