Key to the security loophole is the method by which Apple generates the pre-configured codes. According to the paper, Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots, the company begins with a list of around 52,500 words of 4-6 characters each (which were apparently shared with an open-source Scrabble crossword game). iOS then appends a randomly generated four-digit number to the word.
Further exploration revealed that although Apple has 52,500 words to choose between, iOS in fact only picks from 1,842 of the options on the list. Based on that assumption, the researchers could trim their attack by more than 96 percent and, by also using a faster brute-force setup, cut the hack time to less than a minute. Interestingly, iOS seems to prefer “suave”, “subbed”, and “headed” for its word of choice.
The exact speed of the crack depends heavily on the processing power available at the time. To achieve the sub-50-second time, the researchers needed to call upon the combined power of four AMD Radeon HD 7970 GPUs: that’s not likely to be something your average hacker in a coffee shop will be carrying.
Nonetheless, the team suggests that all iOS users should replace the default password iOS suggests with one of their own. As for rival platforms, a brief analysis of Windows Phone 8 indicates Microsoft only uses a randomly generated 8-digit number, and thus could also be susceptible to cracks.
Android security, though, is at the mercy of manufacturers. While the researchers discovered that Google’s official build comes up with highly secure passwords, based on Java’s UUIDs, they also found that some OEMs change the default to something more straightforward (such as “1234567890” on HTC phones) and thus introduce potentially exploitable flaws.
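To check whether a hotspot passphrase still has the shape of one of the defaults described above, here is a small audit script. It is an added example, not code from the paper or from Apple, and it assumes the dictionary word is lowercase ASCII; the function names and sample passphrases are made up for illustration.

```python
import math
import re

# Figures quoted in the article above.
IOS_WORDLIST = 52_500          # words on Apple's list
IOS_WORDS_USED = 1_842         # words iOS actually picks from
SUFFIXES = 10 ** 4             # four-digit number appended to the word
WP8_KEYSPACE = 10 ** 8         # randomly generated 8-digit number
OEM_DEFAULTS = {"1234567890"}  # fixed default cited for HTC phones

# Assumption: the dictionary word is lowercase ASCII letters.
IOS_STYLE = re.compile(r"[a-z]{4,6}[0-9]{4}")
EIGHT_DIGITS = re.compile(r"[0-9]{8}")


def keyspace_reduction_percent():
    """How much smaller the search space is with 1,842 words instead of 52,500."""
    return 100 * (1 - (IOS_WORDS_USED * SUFFIXES) / (IOS_WORDLIST * SUFFIXES))


def audit(passphrase):
    """Return (finding, keyspace); keyspace is None when no default pattern matches."""
    if passphrase in OEM_DEFAULTS:
        return "fixed OEM default", 1
    if IOS_STYLE.fullmatch(passphrase):
        return "iOS-style default (word + 4 digits)", IOS_WORDS_USED * SUFFIXES
    if EIGHT_DIGITS.fullmatch(passphrase):
        return "8-digit numeric default", WP8_KEYSPACE
    return "no default pattern matched", None


def report(passphrase):
    """Format one audit result, with the keyspace expressed in bits."""
    finding, keyspace = audit(passphrase)
    if keyspace is None:
        return f"{passphrase!r}: {finding}"
    return f"{passphrase!r}: {finding}, about {math.log2(keyspace):.1f} bits"


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any real device.
    for sample in ["suave4821", "40718255", "1234567890", "c0rrect-Horse-7battery"]:
        print(report(sample))
    print(f"reduction: {keyspace_reduction_percent():.1f}%")
```

A passphrase that matches a pattern here was not necessarily generated by the device, so treat a match as a prompt to set a longer passphrase of your own rather than as proof of the default.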