Security researchers: iPhone Keychain circumvented, data stolen in 6 minutes

If someone manages to take physical possession of your iPhone and keep it long enough to jailbreak it, enable SSH, and gain root access, they can compromise Apple's Keychain password management system and get to your data in roughly 6 minutes.

The attack works because the cryptographic key on current iOS devices is derived from material available within the device itself and is independent of the passcode, the researchers said. This means an attacker holding the phone can recreate the key from the device in their possession without having to crack the user's secret passcode.

Using the attack, the researchers were able to access and decrypt the passwords in the keychain that are stored under this protection scheme, but not passwords stored in other protection classes.

In practical terms, that means Exchange, Google/Gmail, LDAP, VPN, Wi-Fi, and some app passwords. This assumes you -- or the company whose passwords you hold -- are a high enough value target that an attacker will go through the time and effort of stealing and breaking into your iPhone (or you lose your phone and a bored hacker finds it and decides to do it for the lulz). It's also currently being shown off in the lab, not in the wild (that we know of).

In any case, common sense and best practices dictate that if your iPhone is ever stolen -- or you lose it -- you immediately use Apple's free Find My iPhone service to remotely wipe it (you can always restore from iTunes if you find it again or it gets returned). You should also change your account passwords and inform your IT department so your enterprise access can be changed if and as needed.

Note: None of this has anything to do with whether you jailbreak your own phone or not. This is an attack on any iPhone, jailbroken or not, that uses a jailbreak to gain access to the device and steal data. Same exploit, evil intentions.

Hopefully Apple's new security muscle gets more serious about protecting the Keychain in future versions of iOS.