14 DAY TRIAL // The text prediction feature in iOS 8 seems to be faulty and predicts sensitive strings of characters such as passwords, a reputable security researcher focused on Apple’s mobile operating system says.
In a tweet posted on Tuesday, Stefan Esser, known for his work discovering vulnerabilities in the iOS platform, said that while typing, the latest version of Apple’s mobile platform predicted one of his passwords.
The researcher did not offer any other information on Twitter, but one of his followers confirmed that the same happened to him, too.
Stefan Esser’s name is linked to several iOS exploits, which he shares in paid sessions for training purposes only. One of them has been used without his permission for creating the Pangu jailbreak tool for iOS 7.1.
At the time, Esser said that the Pangu developers offered to buy the exploits, but he refused to sell them.
As for the issue of passwords being offered by the text prediction feature in the latest version of iOS, the security researcher said that the countersign popping in the list of suggestions was not a word, which could mean that other characters were also used, not just letters.
The researcher has not provided additional details to support his finding. Even if this is true, the security risk may not be as high as it appears because an attack requires physical access to the device and the attacker would also need to know the account the password protects.
W T F - iOS 8's fancy typing prediction offers one of my passwords as prediction. (Not a regular word)
— Stefan Esser (@i0n1c) September 23, 2014