“iOS 10 has a ‘major security flaw’ which leaves the data locally backed up to iTunes much more vulnerable to password cracking,” Darlene Storm reports for Computerworld.
“At least that is what Russian forensic software company Elcomsoft claimed on Friday. Apple allegedly weakened the method for protecting local backup files in iOS 10 by skipping some security checks. In other words, the security mechanism for protecting iOS 10 backups, which are saved locally on a computer via iTunes, is more susceptible to password-cracking tools,” Storm reports. “‘The new security check is approximately 2,500 times weaker compared to the old one that was used in iOS 9 backups,’ Elcomsoft researcher Oleg Afonin announced.”
“Elcomsoft, which makes forensic software to gain access to password-protected, locked and encrypted information on mobile devices, was tweaking its Phone Breaker software so it would work on iOS 10. That’s when the company discovered the ‘alternative password verification mechanism’ which Apple added to iOS 10 backups,” Storm reports. “Apple acknowledged the issue and promised the flaw will be fixed via an upcoming patch.”
Read more in the full article here.
MacDailyNews Note: Apple is aware of the issue and will correct it in an upcoming update:
We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups. We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.