Security flaw found in iOS 10 makes it vulnerable for cracking backups

Follow Us

A new security flaw has been found in iOS 10, which makes it vulnerable for cracking backups. The claim comes from Elcomsoft, a Russian company specialized in computer security programs, with its focus on password and system recovery software.

iOS 10




Encrypted iTunes backups created on a Mac/PC are protected by a password. In iOS 10, these passwords can be hacked by password cracking software as the backup system in the operating system skips certain security checks. According to Elcomsoft, it allows trying backup passwords "approximately 2500 times faster" compared to iOS 9 and earlier operating systems.

If successfully hacked, it provides access to all data on the phone, including those data stored in Keychain, which holds all of a user's passwords and other sensitive information. According to a blog on Peerlyst, this security weakness was created because Apple used a weaker hashing algorithm SHA256 in iOS 10 for local backups of iPhone files stored on PC. These algorithms allow the hacker to try a single password once and repeat to find a match and crack the login, making the whole process considerably less time consuming.

In iOS 9 and older versions back to iOS 4, Apple used PBKDF2 hashing algorithm, which had the password run through it 10,000 times. This implies that a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found.

Apple has confirmed that it is aware of the issue and is looking into the matter. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said to Forbes“We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”

In order to hack, the hacker needs to gain access to the computer where the iPhone files were stored. The hacker needs to get on the linked computer either by physically extracting the data or via a remote hack.

Reported By

Reporter

An astute writer with a track record in writing and publishing content for various industries, Ria brings on board her wealth of experience in journalism and love for technology to TelecomTalk. When not writing or reading, she spends a copious amount of time daydreaming and finding obscure Japanese folklore on the internet.

Recent Comments

pratulk09 :

Personally, I don't think so. since BSNL is using b/n28 for deploying 4g/5g they don't need more than 150K towers.…

What Does 700 MHz Band Mean for BSNL?

SCKPA :

Exactly Faraz. Even today noon when I am writing this, BSNL 4G service totally vanished in our city. I checked…

BSNL Has Now Installed 50000 4G Sites

TheAndroidFreak :

It's ranging from 139-159 for 1GB/day data. It's ranging from 180/199 for 2GB/day data.

What Does 700 MHz Band Mean for BSNL?

Faraz :

That's the biggest disadvantage with this 1 lakh sites target, that only those who stay at home all the time…

BSNL Has Now Installed 50000 4G Sites

Faraz :

Where is this 149 plan, I don't see it anywhere. Even Techwiser mentioned yesterday, but couldn't find it.

What Does 700 MHz Band Mean for BSNL?

Load More
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments