views:

229

answers:

2

hi there,

i'm writing an iphone application with an authentication page, where the end user puts his credentials.

I know that the iphone keeps traces of the keyboard strokes & i would like to reset the keyboard cache in order to prevent from hackers to dump the memory and reveal the user credentials.

Any suggestions? sample code reference can help me.

Thanks, EfiJ.

+1  A: 

This seems like an extreme measure for a theoretical attack. Exactly how many keyboard cache dumps have resulted in security breaches on the iPhone to date? If you can't answer that question then there is a good chance you're wasting development time "chasing zebras".

Security is important, but if something like this isn't stated in the Apple security guidelines, it can probably deemed overkill. Especially if Apple doesn't worry about it in iTunes Store or the App Store.

Soviut
I don't think this would be a theoretical attack _if passwords were stored in the keyboard cache_. Often, Passwords aren't real words and if one knew the first 2 letters (by looking over one's shoulders e.g.) the iPhone could complete the password.
Georg
+1  A: 

As far as I know password fields don't store their inputs in the keyboard cache.

Georg