Security flaw found in iOS 10 makes it vulnerable for cracking backups

Follow Us

A new security flaw has been found in iOS 10, which makes it vulnerable for cracking backups. The claim comes from Elcomsoft, a Russian company specialized in computer security programs, with its focus on password and system recovery software.

iOS 10




Encrypted iTunes backups created on a Mac/PC are protected by a password. In iOS 10, these passwords can be hacked by password cracking software as the backup system in the operating system skips certain security checks. According to Elcomsoft, it allows trying backup passwords "approximately 2500 times faster" compared to iOS 9 and earlier operating systems.

If successfully hacked, it provides access to all data on the phone, including those data stored in Keychain, which holds all of a user's passwords and other sensitive information. According to a blog on Peerlyst, this security weakness was created because Apple used a weaker hashing algorithm SHA256 in iOS 10 for local backups of iPhone files stored on PC. These algorithms allow the hacker to try a single password once and repeat to find a match and crack the login, making the whole process considerably less time consuming.

In iOS 9 and older versions back to iOS 4, Apple used PBKDF2 hashing algorithm, which had the password run through it 10,000 times. This implies that a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found.

Apple has confirmed that it is aware of the issue and is looking into the matter. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said to Forbes“We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

In order to hack, the hacker needs to gain access to the computer where the iPhone files were stored. The hacker needs to get on the linked computer either by physically extracting the data or via a remote hack.

Reported By

Reporter

An astute writer with a track record in writing and publishing content for various industries, Ria brings on board her wealth of experience in journalism and love for technology to TelecomTalk. When not writing or reading, she spends a copious amount of time daydreaming and finding obscure Japanese folklore on the internet.

Recent Comments

shivraj roy :

Vi's network is really good in Mumbai as of 16th March 2024

Airtel Offering 10GB of Bonus Data on Recharges Above Rs…

Faraz :

They don't play Fair game.. Vi is better in offering more data ( though their network not so good in…

Airtel Offering 10GB of Bonus Data on Recharges Above Rs…

Rupesh :

Only 3500? These 5 states combined have 51744 towers. Means less than 5% per state. BSNL will never get level…

BSNL Installs 3,500 4G Towers Across 5 North Indian States:…

Faraz :

"BSNL plans to quickly upgrade 4G services to 5G by June 2024 " Is this a typo or a quote…

BSNL Installs 3,500 4G Towers Across 5 North Indian States:…

Faraz :

Population growth and growth of mobile users are more than that. And I was wondering Vi started gaining 4G customers…

Vodafone Idea Only Added 4 Million 4G Users in Four…

Load More
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments