Security flaw found in iOS 10 makes it vulnerable for cracking backups

By September 26th, 2016 AT 5:42 PM

A new security flaw has been found in iOS 10, which makes it vulnerable for cracking backups. The claim comes from Elcomsoft, a Russian company specialized in computer security programs, with its focus on password and system recovery software.

iOS 10

Encrypted iTunes backups created on a Mac/PC are protected by a password. In iOS 10, these passwords can be hacked by password cracking software as the backup system in the operating system skips certain security checks. According to Elcomsoft, it allows trying backup passwords “approximately 2500 times faster” compared to iOS 9 and earlier operating systems.

If successfully hacked, it provides access to all data on the phone, including those data stored in Keychain, which holds all of a user’s passwords and other sensitive information. According to a blog on Peerlyst, this security weakness was created because Apple used a weaker hashing algorithm SHA256 in iOS 10 for local backups of iPhone files stored on PC. These algorithms allow the hacker to try a single password once and repeat to find a match and crack the login, making the whole process considerably less time consuming.

In iOS 9 and older versions back to iOS 4, Apple used PBKDF2 hashing algorithm, which had the password run through it 10,000 times. This implies that a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found.

Apple has confirmed that it is aware of the issue and is looking into the matter. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said to Forbes“We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

In order to hack, the hacker needs to gain access to the computer where the iPhone files were stored. The hacker needs to get on the linked computer either by physically extracting the data or via a remote hack.

Read more on:

Leave a Reply

Photo and Image Files

Recent Posts

Bharti Airtel and Vodafone First Recharge Plans Start at Rs 197: Check Details

People subscribing for the first time for Bharti Airtel or Vodafone can recharge from the first recharge plans both the...

7 Million Tata Sky Subscribers to Notice Reduction in Channel Pack Prices

Tata Sky, the biggest DTH operator in India is getting cheaper. But the thing is, not everyone will benefit out...

Reliance Jio Launches Rs 2,599 Annual Plan With 740GB Data and Disney+ Hotstar VIP Subscription

After teasing it for more than three days, Reliance Jio has finally announced new prepaid plans bundled with Disney+ Hotstar...