iPhone Keychain Passwords in Plain Text

I just used iPhone Backup Extractor to extract the iPhone OS files from my iPhone backup. There is a file called keychain-2.db and I was horrified to see my various passwords in plain text when I opened the file in TextEdit. Does this mean that they are stored on the iPhone in plain text? I know that I can encrypt my backups, but what about the iPhone itself? If they are unencrypted on the phone, can't a clever thief jailbreak the phone and extract my passwords?

iPhone 3GS, iPhone OS 3.1.2

Posted on Nov 25, 2009 2:11 PM

8 replies

Nov 25, 2009 3:07 PM in response to JimBlake

The iPhone encrypts all of its data. There was an old bug (PW or something 2 years ago) which allowed a hacker to exploit it. This was fixed a long time ago, within days, by Apple. Another reason to keep updating the firmware 🙂

A hacker can get to your phone if you jailbreak it and can read (read: decrypt) everything.

Nov 25, 2009 3:09 PM in response to Community User

Just to add, there are many ways to further secure your phone: lock it with a password, use a password manager to secure whatever passwords you keep, use encryption software to encrypt docs, etc., plus many more ways. The App Store has a lot of stuff on this.

Nov 25, 2009 3:36 PM in response to JimBlake

Please note that I am talking about the iPhone only. It is up to individual applications to provide security or not. Another example is email: if your provider does not support SSL encryption, or you forgot to enable SSL on the iPhone, then it is not difficult to read your email over the air with a sniffer. Another option people ignore is whether to send your email password and username in plain text if the server does not understand SSL.

So users have a responsibility as well to secure their stuff. Having said that, not much info is available on this subject. This might make a good read:

http://www.takecontrolbooks.com/iphone

Nov 25, 2009 3:53 PM in response to JimBlake

Jamalaya is not entirely correct...

If you have NOT chosen for iTunes to encrypt your iPhone backups, then iPhone Backup Extractor will be able to display the files in the iPhone OS folder as you have described...

However, if in iTunes you have chosen to encrypt the backup, then iPhone Backup Extractor will NOT be able to display any data...

It will allow you to follow the normal steps to extract the iPhone OS folder to a location you pick, but then after you choose to extract you will see an empty folder!!!

This is because of the encrypted status... only folks who have not chosen to encrypt the backup in iTunes will be vulnerable to the data loss you're worried about.

Granted, there are always clever ways a hacker may be able to get around even the encrypted backup... but that's quite rare, if at all...
