Apple’s latest mobile operating system, the iOS 10, features a massive security flaw that makes it easier for hackers to crack passwords through local iTunes backups. Once you update, manual backups are much less secure than they were prior, because the password-protected backups use an “alternative password verification mechanism” that can be cracked much more easily than the previous one.
The vulnerability was discovered by Elcomsoft, a Russian forensics company whose tools help hackers break into iPhones. The company noted that it could now crack into a backup file “approximately 2,500 times faster compared to the old mechanism used in iOS 9 and older.” With the iOS 9, Elcomsoft processed 2,400 passwords per second, and with the iOS in its current state, the company can process 6 million passwords per second.
Apple states that it’s looking into the issue, suggesting the vulnerability will be fixed soon. The company released this statement:
“We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups.”
“We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”
To take advantage of this vulnerability, a hacker would have to receive access to the Mac or PC where the backup is stored. Thus, there is a small chance the flaw is affecting several users. However, it’s beneficial that the vulnerability was discovered now, rather than several months down the road.
Source: MakeUseOf
Advertisement
Learn more about Electronic Products Magazine
