New iOS 8 Security Flaw Discovered; Suggests Parts of Your Password in Autocomplete

[dgstorm]

A security researcher recently discovered something a bit frightening in iOS 8. Apparently, when you have the QuickType predictive feature activated in iOS 8, it will actually suggest parts of your password as part of its predictive typing feature. Here's a quote with an example,

As an example, iDownload Blog notes that one user in Apple’s Support Communities has claimed that their keyboard has started “offering ‘OrangeJuice’ as a suggestion each time he would type in ‘AppleUser’ because QuickType remembered the ‘OrangeJuice!2′ password he previously used to log in to Outlook Web App.” Even worse, the user reported that QuickType would even suggest “other passwords from other services and old passwords that I already changed.”

Ouch! This is a major security issue. If someone gets hold of your device, they can probably fool around with it long enough to get it to tell them part of your password. Obviously this is something that Apple is probably working on in one of their updates they plan to release, but in the mean-time, you should turn off the QuickType predictive feature, just to be safe.

To do that you need to turn “Predictive” to OFF in the Settings > General > Keyboard.

Source: BGR

 

[Pinkpoison]

Thanks for that, That is a bit scary.