iOS 8 security flaw offers your password as a QuickType suggestion

BY Jason

Published 29 Sep 2014

iOS 8 QuickType feature

iOS 8 brings with it a new keyboard feature called QuickType, a row of words that lives on top of the keyboard offering you predictive suggestions based on your typing history.

According to multiple reports, a security flaw in iOS 8 offers not just your usual words as QuickType suggestions, but even your password. Apple’s support forums user ramiroegueta describes the problem:

Every time I enter a name or a username on a text field, Quick Type suggests me a part of my password

Let’s say my user name is AppleUser and my pass is OrageJuice!2, every time I enter AppleUser Quick Type suggests me OrangeJuice.  The worst part is that it also suggests me other passwords from other services and old passwords that I already changed. I found this while trying to login to an OWA web portal, but it happens on any text input field, like Notes.

QuickType password

Stefan Essar aka i0n1c, well-known iOS security researcher, also noticed and complained about this security hole:

iOS 8 adds support for custom keyboards, but restricts password fields only to the standard iOS keyboard for security reasons. According to these reports, however, it seems your password is still not secure from bystanders.

Currently, you can’t remove or add words to QuickType’s dictionary, so if you’re facing the same issue, you can reset the keyboard dictionary from Settings > General > Reset > Reset Keyboard Dictionary or disable QuickType by turning the Predictive switch off in Settings > General > Keyboard.

Have you faced this issue? Let us know in the comments below.

[via iGen.fr]