iphone keychain/password attack preaches device awareness

Researchers have figured out a way to recover some passwords from iPhone/iPad devices in 6 minutes (video and pdf links are in the article). Obviously this is yet another excuse to preach about not losing your devices and reporting lost devices so accounts can be disabled and/or passwords changed.

But there’s more…think about this. Your VP of Whatever is on a business trip to China. He unplugs for a bit and heads to the exercise room of the hotel, leaving his iPhone in his room. Someone enters his room and will have unfettered physical access to his device for x minutes. And you won’t even know it. And don’t for a minute think this doesn’t happen. Maybe the VP will just think his iPhone is broken and exchange it…

In other words, always know where your devices are, even when they are switched off or locked. This should be obvious, but I don’t think non-paranoid people have been often told this.