Home / news / Apple iOS 10 Apparently Has Weak Backup Security

Apple iOS 10 Apparently Has Weak Backup Security

In love with the new 10? If you’re a hacker, you probably are. That’s because the newest operating system allegedly makes it “considerably easier” to hack iTunes logins for backup passwords stored on a Mac or . According to software company (and expert) Elcomsoft, the backup method used in 10 “skips certain security checks,” which allowed professional hackers to test backup passwords “approximately 2500 times faster” when compared to 9 and previous generations.

In a blog post detailing its findings, Elcomsoft wrote, “We discovered a major security flaw in the iOS 10 backup protection mechanism. This security flaw allowed us developing a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices.”

If you’re asking how serious of a problem this is, the software company says it’s “severe.” In fact, the company said, widely accessible tools achieved an 80 to 90 percent chance of successfully hacking a backup password — these are tools that can be purchased by just about anyone, not just law enforcement officials.

Related’s new patent proposes a way to eliminate ‘butt dialing’ once and for all

The problem, security expert Per Thorsheim wrote in a blog on Peerlyst, is that is now using a weaker weaker hashing algorithm when it comes to data kept on PCs. As Forbes explained, “In iOS 9 and prior versions back to iOS 4, Apple used what’s known as a PBKDF2 algorithm and had the password run through it 10,000 times, so a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found. In the iOS 10 alternative version, a different algorithm known as SHA256 was used but with just one iteration.”

Apple, for its part, has admitted to this shortcoming. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or . We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said. “We recommend users ensure their Mac or are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

Check Also

Kobo's New Aura H2O Can Survive a Dunk in the Pool

Why it matters to you If you’re in the market for an affordable, durable new …

Leave a Reply

Your email address will not be published. Required fields are marked *