Apple acknowledges iOS 10 backup system at severe security risk: Report

https://indianexpress.com/article/technology/iphone-7/apple-acknowledges-ios-10-backup-system-at-severe-security-risk-report-3049236/

A loophole in iOS 10 can allow hackers to crack the password of protected iPhone backups 40 times faster than before


Professional hackers have revealed a loophole in iOS 10 that can allow hackers to crack the password of protected iPhone backups 40 times faster than before. According to a report by Forbes, Russian forensics company Elcomsoft has found a flaw in iOS 10, which uses weaker password protection for the manual backups users take of their devices via iTunes.

“We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allows us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backup made by iOS 10 devices,” said Oleg Afonin in an Elcomsoft blog post. “The impact of this security weakness is severe,” he added.

Elcomsoft is the company whose kit was allegedly used by hackers to expose nude celebrity pictures back in 2014. The security weakness in the new system makes password cracking 40 times faster than against iOS 9 backups. According to Elcomsoft, the new method of attack is limited to password-protected backups made by iOS 10 devices.

The blog added that ‘Apple smartphones are secure’ and that iOS gets more secure with every new generation (iOS 10 has no jailbreak). Cloud acquisition of backups is not possible unless the user’s Apple ID and password are known. The best method to acquire information is to force an iPad or an iPhone to produce an offline backup, which can then be used to retrieve information.

Using its existing i5 CPUs to crack the password, the software was able to guess six million passwords a second, compared to just 2400 passwords per second when using the same computer to hack iOS 9 backups.

Elcomsoft’s Phone Breaker 6.10 kit is available for purchase to anyone who wants to buy it. The Phone Breaker software can access password-protected backups for smartphones made by BlackBerry and Apple, and includes ‘iPhone 7 Plus and iOS 10’.

Apple confirmed the issue to Forbes, with a spokesperson saying, “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups.”