A new security flaw has been found in iOS 10, which makes it vulnerable for cracking backups. The claim comes from Elcomsoft, a Russian company specialized in computer security programs, with its focus on password and system recovery software.
Encrypted iTunes backups created on a Mac/PC are protected by a password. In iOS 10, these passwords can be hacked by password cracking software as the backup system in the operating system skips certain security checks. According to Elcomsoft, it allows trying backup passwords “approximately 2500 times faster” compared to iOS 9 and earlier operating systems.
If successfully hacked, it provides access to all data on the phone, including those data stored in Keychain, which holds all of a user’s passwords and other sensitive information. According to a blog on Peerlyst, this security weakness was created because Apple used a weaker hashing algorithm SHA256 in iOS 10 for local backups of iPhone files stored on PC. These algorithms allow the hacker to try a single password once and repeat to find a match and crack the login, making the whole process considerably less time consuming.
In iOS 9 and older versions back to iOS 4, Apple used PBKDF2 hashing algorithm, which had the password run through it 10,000 times. This implies that a hacker would have to run their plaintext guess through the algorithm 10,000 times too and repeat the process until a match was found.
Apple has confirmed that it is aware of the issue and is looking into the matter. “We’re aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update. This does not affect iCloud backups,” a spokesperson said to Forbes. “We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption.”
In order to hack, the hacker needs to gain access to the computer where the iPhone files were stored. The hacker needs to get on the linked computer either by physically extracting the data or via a remote hack.