Usability vs. Security in the Context of Apple iOS Mobile Hotspots (fau.de)
50 points by FredericJ on June 17, 2013 | 12 comments


The real weakness is because iOS default / suggested passphrases aren't very secure: "As the hotspot wordlist consists of only 1842 entries followed by a four-digit number, there are only around 18.5 million possible combinations."


At first, I figured this could be used as a case against Randall Munroe's password generation algorithm [1]. But it looks like the problem is with Apple's implementation, not with the method. The abstract claims that "the process of selecting words from that word list is not random at all". I wondered how not-random the selection was. The paper says: "words from this Top 10 list are ten times more likely to be selected as a default password". The word frequency distribution graph [2] is pretty damning.

[1]: http://xkcd.com/936/

[2]: http://imgur.com/nAKkPe3
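
Added example, not part of the thread or of the paper: a strength estimate for the "word + four digits" default scheme, using the figures quoted in the comments above (1842 words, four-digit suffix, 390,000 guesses per second). The two-level skew model (each Top 10 word exactly ten times as likely as any other word) and the 2048-word comparison list are assumptions made for illustration.

```python
import math

WORDS = 1842          # wordlist size quoted in the thread
SUFFIXES = 10 ** 4    # four-digit number appended to the word
RATE = 390_000        # guesses/second quoted for the four-GPU cluster
TOP_N, TOP_WEIGHT = 10, 10.0   # assumption: top-10 words each 10x as likely


def word_distribution(words=WORDS, top_n=TOP_N, top_weight=TOP_WEIGHT):
    """Word probabilities, most likely first (simplified two-level model)."""
    weights = [top_weight] * top_n + [1.0] * (words - top_n)
    total = sum(weights)
    return [w / total for w in weights]


def shannon_bits(probs):
    """Shannon entropy in bits of a discrete distribution."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def expected_guesses(word_probs, suffixes=SUFFIXES):
    """Mean guesses when candidates are tried in decreasing probability.

    Every word carries `suffixes` equally likely numbers, so a hit on the
    word at rank i (0-based) costs i*suffixes + (suffixes+1)/2 on average.
    """
    return sum(p * (i * suffixes + (suffixes + 1) / 2)
               for i, p in enumerate(word_probs))


def summary():
    uniform = [1 / WORDS] * WORDS
    skewed = word_distribution()
    keyspace = WORDS * SUFFIXES
    return {
        "keyspace": keyspace,
        "worst_case_seconds": keyspace / RATE,
        "uniform_bits": shannon_bits(uniform) + math.log2(SUFFIXES),
        "skewed_bits": shannon_bits(skewed) + math.log2(SUFFIXES),
        "uniform_mean_seconds": expected_guesses(uniform) / RATE,
        "skewed_mean_seconds": expected_guesses(skewed) / RATE,
        # Constructed reference point: four words drawn uniformly and
        # independently from a 2048-word list (xkcd-936 style).
        "four_random_words_bits": 4 * math.log2(2048),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key:>24}: {value:,.2f}")
```
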


Nothing in the article talks specifically about the word list coming from either scrabble or crossword.

I wrote a scrabble / boggle solver web app and used the built-in dictionary provided with my Linux distribution.

Check it out at http://words.gumyum.com [source-code]

The hotspot cracker appears to use a similar algorithm.


Yes it does: "After retrieving several hotspot passwords by manually resetting the hotspot settings, we revealed a word list on the Internet, which contained all our collected samples. This list consists of around 52,500 entries and was originated from an open-source Scrabble crossword game[20]."


Interesting but the danger appears to be slightly overblown:

>A GPU cluster composed of four AMD Radeon™ HD 7970 can cycle through around 390.000 guesses per second. As the hotspot wordlist consists of only 1.842 entries followed by a four-digit number, there are only around 18.5 million possible combinations. This means, that a GPU cluster will crack an arbitrary password in less than 50 seconds.

Being in range of a hotspot with that kind of hardware reliably and for any length of time is going to be difficult. Yes, it's insecure, but not to someone on the street attacking it with just their phone.


No need for the GPU cluster to be in range. A mobile device with 4G can communicate with a networked GPU cluster at speeds fast enough to pipe the data needed.


I've since changed the password, but I believe this may be fixed in iOS 7. I seem to recall some thoroughly random password after install.


My default hotspot password in iOS 7 right now is "min1bt3456mi" which is improved over what I recall was the default (along the lines of "foobar1234"). Hopefully the actual password generation is improved too.


On the other hand, the standard passwords for the encrypted synced keychain are 4 digits. And then Apple says it can't decrypt it. The option for longer passwords can barely be seen on the iPhone 4.

I guess this will still change.


It seems to be using a private API method of UITextChecker. [checker suggestWordInLanguage:@"en_US"]; to generate each word in the list. Can anyone explain what this method is actually doing? It doesn't take any sort of argument (other than language), does it literally just give you a random English word?


Per [1], it seems that the method in question is some sort of Markov generator that Apple uses to generate the passwords in the first place.

[1] https://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf


I've always considered personal hotspot default passwords to be insecure. Ironically, I've never changed my iPhone's default password. Thank goodness for poor coverage on Australia's CityRail network, I suppose...



