Skip to main content

Why you don’t want to use the default password for your iPhone personal hotspot

Weaknesses in the system used to generate default passwords for the iPhone’s personal hotspot function – allowing a wifi-enabled device like a MacBook to share the phone’s mobile data connection – mean that they can be cracked in just 50 seconds with the right hardware, according to researchers at a German university (via ZDNet).

Any default password used within an arbitrary iOS mobile hotspot is based on one of 1,842 different words.

This, combined with an increase in cracking hardware — a GPU cluster consisting of four AMD Radeon HD 7970s — allowed the researchers to crack any iOS hotspot with an OS-generated password within 50 seconds. Although such hardware is physically out of the reach of most users, the researchers said that similar resources are easily available through today’s cloud computing technologies … 

Researchers at the University of Erlangen in Germany found that Apple uses a dictionary of 52,500 words from an open-source Scrabble game to generate the passwords, with random numbers appended to them, but appears to be using only 1,842 words at present. Although that allows for a unique password for each iOS device, password strength is low.

Using a single computer, it took a maximum of 49 minutes to crack a password, but using an array of just four powerful processors would enable 100% success in just 50 seconds. They called on Apple to switch to true randomly-generated passwords to boost security.

As always, it’s strongly recommended to create your own, truly random password – either making something up or using a password-generator app. To do this, go to Settings > Personal Hotspot then just tap the right-arrow next to the password to replace the default password with your own.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear