From the article:
"...recovers passwords for iPhones and iPod Touches by trying thousands of phrases per second."
So it does a brute-force search with success reliant on weak passwords then?
Unless there is a very low maximum password length (or encryption key length), I don't see the problem; anyone who really has something to hide will use a password that is both long enough and sufficiently non-word-like to take too long to brute-force.
Using words as passwords = FAIL
Sorry, but if you use a word that's in the dictionary as your password, you deserve to have your phone cracked.
My password mechanism for secure sites:
- Open a text editor
- Drop a calculus book on the keyboard
- Change at least two of the characters to uppercase/alternate
I'd like to see a dictionary check break that!
The same book for each secure site? Or do you use a different book per site? When you come to log in to said site, do you just whip out the book and pray that you hit the same keys second time around?
The need to remember passwords makes them inherently insecure. I'm sure you have your wonderfully selected passwords written down somewhere, probably on a PDA, secured by a single memorable PIN code or password...
Don't make me laugh
So, if I'm not mistaken, the hacker needs to have physical access to the machine that you made the backup on and then needs to copy the backup.
Then they need to go to a PC and run the software.
An easier way would be to call you from the room next door and when you answer the phone, run in and hit you over the head with a brick and just take the iPhone!